High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info


apache -- nuttx

Apache Nuttx Versions prior to 10.1.0 are vulnerable to integer wrap-around in functions malloc, realloc and memalign. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.

2021-06-21

CVE-2021-26461
CONFIRM


autoptimize -- autoptimize

The Autoptimize WordPress plugin before 2.7.8 attempts to delete malicious files (such as .php) from the uploaded archive via the "Import Settings" feature, after its extraction. However, the extracted folders are not checked and it is possible to upload a zip which contained a directory with PHP file in it and then it is not removed from the disk. It is a bypass of CVE-2020-24948 which allows sending a PHP file via the "Import Settings" functionality to achieve Remote Code Execution.

2021-06-21

7.5

CVE-2021-24376
CONFIRM


ayecode -- location_manager

In the Location Manager WordPress plugin before 2.1.0.10, the AJAX action gd_popular_location_list did not properly sanitise or validate some of its POST parameters, which are then used in a SQL statement, leading to unauthenticated SQL Injection issues.

2021-06-21

7.5

CVE-2021-24361
MISC
CONFIRM


cleo -- lexicom

An issue was discovered in Cleo LexiCom 5.5.0.0. Within the AS2 message, the sender can specify a filename. This filename can include path-traversal characters, allowing the file to be written to an arbitrary location on disk.

2021-06-18

CVE-2021-33576
MISC
MISC


contiki-ng -- contiki-ng

Contiki-NG is an open-source, cross-platform operating system for internet of things devices. A buffer overflow vulnerability exists in Contiki-NG versions prior to 4.6. After establishing a TCP socket using the tcp-socket library, it is possible for the remote end to send a packet with a data offset that is unvalidated. The problem has been patched in Contiki-NG 4.6. Users can apply the patch for this vulnerability out-of-band as a workaround.

2021-06-18

CVE-2021-21281
MISC
CONFIRM


contiki-ng -- contiki-ng

Contiki-NG is an open-source, cross-platform operating system for internet of things devices. It is possible to cause an out-of-bounds write in versions of Contiki-NG prior to 4.6 when transmitting a 6LoWPAN packet with a chain of extension headers. Unfortunately, the written header is not checked to be within the available space, thereby making it possible to write outside the buffer. The problem has been patched in Contiki-NG 4.6. Users can apply the patch for this vulnerability out-of-band as a workaround.

2021-06-18

CVE-2021-21280
MISC
CONFIRM

contiki-ng -- contiki-ng

Contiki-NG is an open-source, cross-platform operating system for internet of things devices. In versions prior to 4.6, an attacker can perform a denial-of-service attack by triggering an infinite loop in the processing of IPv6 neighbor solicitation (NS) messages. This type of attack can effectively shut down the operation of the system because of the cooperative scheduling used for the main parts of Contiki-NG and its communication stack. The problem has been patched in Contiki-NG 4.6. Users can apply the patch for this vulnerability out-of-band as a workaround.

2021-06-18

CVE-2021-21279
CONFIRM


contiki-ng -- contiki-ng

Contiki-NG is an open-source, cross-platform operating system for internet of things devices. In versions prior to 4.5, buffer overflow can be triggered by an input packet when using either of Contiki-NG's two RPL implementations in source-routing mode. The problem has been patched in Contiki-NG 4.5. Users can apply the patch for this vulnerability out-of-band as a workaround.

2021-06-18

CVE-2021-21282
MISC
CONFIRM


google -- android

In updateDrawable of StatusBarIconView.java, there is a possible permission bypass due to an uncaught exception. This could lead to local escalation of privilege by running foreground services without notifying the user, with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-169255797

2021-06-21

CVE-2021-0478
MISC


google -- android

In handle_rc_metamsg_cmd of btif_rc.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-181860042

8.3

CVE-2021-0507
MISC


google -- android

In the Settings app, there is a possible way to disable an always-on VPN due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-179975048

2021-06-21

CVE-2021-0505
MISC


google -- android

In p2p_process_prov_disc_req of p2p_pd.c, there is a possible out of bounds read and write due to a use after free. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-181660448

CVE-2021-0516
MISC


greenbone -- greenbone_security_assistant

Greenbone Security Assistant (GSA) before 7.0.3 and Greenbone OS (GOS) before 5.0.0 allow Host Header Injection.

2021-06-21

7.5

MISC


jenkins -- generic_webhook_trigger

Jenkins Generic Webhook Trigger Plugin 1.72 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

2021-06-18

CVE-2021-21669
CONFIRM
MLIST


joomla -- joomla\!

Joomla! Core is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently retrieve password reset tokens from the database through an already existing SQL injection vector. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.15 are vulnerable.

2021-06-21

7.5

CVE-2010-1435
MISC
MISC


joomla -- joomla\!

Joomla! Core is prone to a vulnerability that lets attackers upload arbitrary files because the application fails to properly verify user-supplied input. An attacker can exploit this vulnerability to upload arbitrary code and run it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.15 are vulnerable.

2021-06-21

CVE-2010-1433
MISC
MISC


primion-digitek -- secure_8

Secure 8 (Evalos) does not validate user input data correctly, allowing a remote attacker to perform a Blind SQL Injection. An attacker could exploit this vulnerability in order to extract information of users and administrator accounts stored in the database.

2021-06-18

CVE-2021-3604
CONFIRM
CONFIRM


radykal -- fancy_product_designer

The Fancy Product Designer WordPress plugin before 4.6.9 allows unauthenticated attackers to upload arbitrary files, resulting in remote code execution.

2021-06-21

CVE-2021-24370
MISC
CONFIRM


serenityos -- serenityos

SerenityOS before commit [illegible] contains a directory traversal vulnerability in tar/unzip that may lead to command execution or privilege escalation.

2021-06-18

7.5

MISC
MISC
CONFIRM


textpattern -- textpattern

Textpattern 4.7.3 contains an arbitrary file load via the file_insert function in include/txp_file.php.

2021-06-21

7.5

CVE-2020-19510
MISC

txjia -- imcat

SQL Injection vulnerability in imcat v5.2 via the fm[auser] parameters in coms/add_coms.php.

2021-06-23

7.5

CVE-2020-20392
MISC


white_shark_systems_project -- white_shark_systems

White Shark System (WSS) 1.3.2 is vulnerable to unauthorized access via user_edit_password.php, remote attackers can modify the password of any user.

2021-06-21

CVE-2020-20466
MISC


white_shark_systems_project -- white_shark_systems

White Shark System (WSS) 1.3.2 has an unauthorized access vulnerability in default_user_edit.php, remote attackers can exploit this vulnerability to escalate to admin privileges.

2021-06-21

MISC

5none -- nonecms

Information Disclosure in NoneCMS v1.3 allows remote attackers to obtain sensitive information via the component "/nonecms/vendor".

2021-06-22

5

CVE-2020-18647
MISC


5none -- nonecms

Information Disclosure in NoneCMS v1.3 allows remote attackers to obtain sensitive information via the component "/public/index.php".

2021-06-22

5

CVE-2020-18646
MISC


accellion -- kiteworks

Accellion Kiteworks before 7.3.1 allows a user with Admin privileges to escalate their privileges by generating SSH passwords that allow local access.

2021-06-23

4.6

CVE-2021-31585
CONFIRM
MISC


accellion -- kiteworks

Accellion Kiteworks before 7.4.0 allows an authenticated user to perform SQL Injection via LDAPGroup Search.

2021-06-23

6.5

CVE-2021-31586
MISC
CONFIRM


advantech -- webaccess\/scada

Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to a directory traversal, which may allow an attacker to remotely read arbitrary files on the file system.

2021-06-18

6.8

CVE-2021-32954
MISC


advantech -- webaccess\/scada

Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to redirection, which may allow an attacker to send a maliciously crafted URL that could result in redirecting a user to a malicious webpage.

5.8

CVE-2021-32956
MISC


akaunting -- akaunting

Akaunting <= 2.0.9 is vulnerable to CSV injection in the Item name field, export function. Attackers can inject arbitrary code into the name parameter and perform code execution when the crafted file is opened.

CVE-2020-22390
MISC


[illegible] -- jetpack

The Jetpack Carousel module of the JetPack WordPress plugin [illegible] and allows users to comment on the images. A security vulnerability was found within the Jetpack Carousel module by nguyenhg_vcs that allowed the comments of non-published page/posts to be leaked.

MISC


autoptimize -- autoptimize

The Autoptimize WordPress plugin before 2.7.8 attempts to remove potential malicious files from the extracted archive uploaded via the 'Import Settings' feature, however this is not sufficient to protect against RCE as a race condition can be achieved in between the moment the file is extracted on the disk but not yet removed. It is a bypass of CVE-2020-24948.

CVE-2021-24377
CONFIRM


bosch -- b426_firmware

This vulnerability could allow an attacker to hijack a session while a user is logged in the configuration web page. This vulnerability was discovered by a security researcher in B426 and found during internal product tests in B426-CN/B429-CN, and B426-M and has been fixed already starting from version 3.08 on, which was released on June 2019.

2021-06-18

6.8

CVE-2021-23845
CONFIRM


bosch -- b426_firmware

When using http protocol, the user password is transmitted as a clear text parameter for which it is possible to be obtained by an attacker through a MITM attack. This will be fixed starting from Firmware version 3.11.5, which will be released on the 30th of June, 2021.

2021-06-18

4.3

CVE-2021-23846
CONFIRM


cleo -- lexicom

An issue was discovered in Cleo LexiCom 5.5.0.0. The requirement for the sender of an AS2 message to identify themselves (via encryption and signing of the message) can be bypassed by changing the Content-Type of the message to text/plain.

2021-06-18

5

CVE-2021-33577
MISC
MISC


collne -- welcart

Cross-site scripting vulnerability in Welcart e-Commerce versions prior to 2.2.4 allows remote attackers to inject arbitrary script or HTML via unspecified vectors.

2021-06-22

4.3

CVE-2021-20734
MISC
MISC

color-string_project -- color-string

A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in Color-String version 1.5.5 and below which occurs when the application is provided and checks a crafted invalid HWB string.

2021-06-21

5

MISC
MISC
MISC


contiki-ng -- contiki-ng

Contiki-NG is an open-source, cross-platform operating system for internet of things devices. The RPL-Classic and RPL-Lite implementations in the Contiki-NG operating system versions prior to 4.6 do not validate the address pointer in the RPL source routing header. This makes it possible for an attacker to cause out-of-bounds writes with packets injected into the network stack. Specifically, the problem lies in the rpl_ext_header_srh_update function in the two rpl-ext-header.c modules for RPL-Classic and RPL-Lite respectively. The addr_ptr variable is calculated using an unvalidated CMPR field value from the source routing header. An out-of-bounds write can be triggered on line 151 in os/net/routing/rpl-lite/rpl-ext-header.c and line 261 in os/net/routing/rpl-classic/rpl-ext-header.c, which contain the following memcpy call with addr_ptr as destination. The problem has been patched in Contiki-NG 4.6. Users can apply a patch out-of-band as a workaround.

2021-06-18

CONFIRM


contiki-ng -- contiki-ng

Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. An out-of-bounds read can be triggered by 6LoWPAN packets sent to devices running Contiki-NG 4.6 and prior. The IPv6 header decompression function (uncompress_hdr_iphc) does not perform proper boundary checks when reading from the packet buffer. Hence, it is possible to construct a compressed 6LoWPAN packet that will read more bytes than what is available from the packet buffer. As of time of publication, there is not a release with a patch available. Users can apply the patch for this vulnerability out-of-band as a workaround.

2021-06-18

6.4

CVE-2021-21410
CONFIRM
MISC


ec-cube -- business_form_output

Cross-site scripting vulnerability in EC-CUBE Category contents plugin (for EC-CUBE 3.0 series) versions prior to version 1.0.1 allows a remote attacker to inject an arbitrary script by leading an administrator or a user to a specially crafted page and to perform a specific operation.

2021-06-22

4.3

CVE-2021-20744
MISC
MISC


ec-cube -- business_form_output

Cross-site scripting vulnerability in EC-CUBE Business form output plugin (for EC-CUBE 3.0 series) versions prior to version 1.0.1 allows a remote attacker to inject an arbitrary script via unspecified vector.

2021-06-22

4.3

CVE-2021-20742
MISC
MISC


ec-cube -- email_newsletters_management

Cross-site scripting vulnerability in EC-CUBE Email newsletters management plugin (for EC-CUBE 3.0 series) versions prior to version 1.0.4 allows a remote attacker to inject an arbitrary script by leading a user to a specially crafted page and to perform a specific operation.

2021-06-22

4.3

CVE-2021-20743
MISC
MISC


expresstech -- quiz_and_survey_master

The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin WordPress plugin before 7.1.18 did not sanitise or escape its result_id parameter when displaying an existing quiz result page, leading to a reflected Cross-Site Scripting issue. This could allow for privilege escalation by inducing a logged in admin to open a malicious link.

2021-06-20

4.3

CVE-2021-24368
CONFIRM


get-simple -- getsimplecms

Cross Site Scripting (XSS) vulnerability in GetSimpleCMS <=3.3.15 via the timezone parameter to settings.php.

4.3

CVE-2020-18658
MISC
MISC
MISC


get-simple -- getsimplecms

Cross Site Scripting vulnerability in GetSimpleCMS <=3.3.15 via the (1) sitename, (2) username, and (3) email parameters to /admin/setup.php

2021-06-23

4.3

MISC
MISC


getastra -- wp_hardening

The WP Hardening – Fix Your WordPress Security WordPress plugin before 1.2.2 did not sanitise or escape the $_SERVER['REQUEST_URI'] before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue.

2021-06-21

4.3

CVE-2021-24372
CONFIRM


getastra -- wp_hardening

The WP Hardening – Fix Your WordPress Security WordPress plugin before 1.2.2 did not sanitise or escape the historyvalue GET parameter before outputting it in a Javascript block, leading to a reflected Cross-Site Scripting issue.

2021-06-21

4.3

CVE-2021-24373
CONFIRM

gitpod -- gitpod


Gitpod before 0.6.0 allows unvalidated redirects. 


2021-06-22 


CVE-2021-35206 


MISC 
MISC 
MISC 
MISC 
MISC 
MISC 










google -- android 


In archiveStoredConversation of MmsService.java, there is a 
possible way to archive message conversation without user 
consent due to a missing permission check. This could lead to 
local escalation of privilege with no additional execution privileges 
needed. User interaction is not needed for exploitation.Product: 
AndroidVersions: Android-11Android ID: A-180419673 


2021-06-22 


CVE-2021-0539 
MISC 








google -- android 


In dropFile of WiFiInstaller, there is a way to delete files accessible
to CertInstaller due to a confused deputy. This could lead to local 
escalation of privilege with no additional execution privileges 
needed. User interaction is not needed for exploitation.Product: 
AndroidVersions: Android-11Android ID: A-176756691 


2021-06-22 


CVE-2021-0536 
MISC 








google -- android 


In wpas_ctrl_msg_queue_timeout of ctrl_iface_unix.c, there is a 
possible memory corruption due to a use after free. This could 
lead to local escalation of privilege with System execution 
privileges needed. User interaction is not needed for 
exploitation.Product: AndroidVersions: Android-11Android ID: A- 
168314741 


2021-06-22 


CVE-2021-0535 
MISC 








google -- android 


In halWrapperDataCallback of hal_wrapper.cc, there is a possible 
out of bounds write due to a missing bounds check. This could 
lead to local escalation of privilege with System execution 
privileges needed. User interaction is not needed for 
exploitation.Product: AndroidVersions: Android-11Android ID: A- 
169328517 


2021-06-22 


CVE-2021-0540 
MISC 








google -- android 


In RenderStruct of protostream_objectsource.cc, there is a 
possible crash due to a missing null check. This could lead to 
remote denial of service with no additional execution privileges 
needed. User interaction is not needed for exploitation.Product: 
AndroidVersions: Android-11Android ID: A-179161711 


2021-06-22 




CVE-2021-0555 
MISC 








google -- android 


In ConnectionHandler::SdpCb of connection_handler.cc, there is a 
possible out of bounds read due to a use after free. This could 
lead to remote information disclosure with no additional execution 
privileges needed. User interaction is not needed for 
exploitation.Product: AndroidVersions: Android-11 Android-9 
Android-10Android ID: A-174182139 


2021-06-21 




CVE-2021-0522 
MISC 








google -- android 


In ActivityPicker.java, there is a possible bypass of user interaction 
in intent resolution due to a tapjacking/overlay attack. This could 
lead to local escalation of privilege with User execution privileges 
needed. User interaction is needed for exploitation.Product: 
AndroidVersions: Android-10 Android-11 Android-8.1 Android- 
9Android ID: A-181962311 


2021-06-21 


CVE-2021-0506 
MISC 








google -- android 


In permission declarations of DeviceAdminReceiver.java, there is 
a possible lack of broadcast protection due to an insecure default 
value. This could lead to local escalation of privilege with no 
additional execution privileges needed. User interaction is not 
needed for exploitation.Product: AndroidVersions: Android- 
11Android ID: A-170639543 


2021-06-22 


CVE-2021-0534 
MISC 








google -- android 


In memory management driver, there is a possible memory 
corruption due to a use after free. This could lead to local 
escalation of privilege with no additional execution privileges 
needed. User interaction is not needed for exploitation.Product: 
AndroidVersions: Android SoCAndroid ID: A-185195272 


2021-06-21 


CVE-2021-0531 
MISC 








google -- android 


In memory management driver, there is a possible out of bounds 
write due to uninitialized data. This could lead to local escalation 
of privilege with no additional execution privileges needed. User 
interaction is not needed for exploitation.Product: 
AndroidVersions: Android SoCAndroid ID: A-185196175 


2021-06-21 


CVE-2021-0530 
MISC 








google -- android 











In memory management driver, there is a possible memory 
corruption due to improper locking. This could lead to local 
escalation of privilege with no additional execution privileges 
needed. User interaction is not needed for exploitation.Product: 
AndroidVersions: Android SoCAndroid ID: A-185195268 








2021-06-21 











CVE-2021-0529 
MISC 
google -- android


In memory management driver, there is a possible memory 
corruption due to a double free. This could lead to local escalation 
of privilege with no additional execution privileges needed. User 
interaction is not needed for exploitation.Product: 
AndroidVersions: Android SoCAndroid ID: A-185195266 


2021-06-21 


CVE-2021-0528 
MISC 








google -- android 


In memory management driver, there is a possible memory 
corruption due to a use after free. This could lead to local 
escalation of privilege with no additional execution privileges 
needed. User interaction is not needed for exploitation.Product: 
AndroidVersions: Android SoCAndroid ID: A-185193931 


2021-06-21 


CVE-2021-0527 
MISC 








google -- android 


In phNxpNciHal_process_ext_rsp of phNxpNciHal_ext.cc, there is 
a possible out of bounds write due to an integer overflow. This 
could lead to local escalation of privilege with System execution 
privileges needed. User interaction is not needed for 
exploitation.Product: AndroidVersions: Android-11Android ID: A- 
169258743 


2021-06-22 


CVE-2021-0543 
MISC 








google -- android 


In memory management driver, there is a possible out of bounds 
write due to uninitialized data. This could lead to local escalation 
of privilege with no additional execution privileges needed. User 
interaction is not needed for exploitation.Product: 
AndroidVersions: Android SoCAndroid ID: A-185195264 


2021-06-21 


CVE-2021-0526 
MISC 








google -- android 


In memory management driver, there is a possible out of bounds 
write due to a use after free. This could lead to local escalation of 
privilege with no additional execution privileges needed. User 
interaction is not needed for exploitation.Product: 
AndroidVersions: Android SoCAndroid ID: A-185193929 


2021-06-21 


CVE-2021-0525 
MISC 








google -- android 


In deleteNotificationChannel and related functions of 
NotificationManagerService.java, there is a possible permission 
bypass due to improper state validation. This could lead to local 
escalation of privilege via hidden services with no additional 
execution privileges needed. User interaction is not needed for 
exploitation.Product: AndroidVersions: Android-9 Android-10 
Android-11 Android-8.1Android ID: A-156090809 


2021-06-21 


CVE-2021-0513 
MISC 








google -- android 


In __hidinput_change_resolution_multipliers of hid-input.c, there is 
a possible out of bounds write due to a heap buffer overflow. This 
could lead to local escalation of privilege with no additional 
execution privileges needed. User interaction is not needed for 
exploitation.Product: AndroidVersions: Android kernelAndroid ID: 
A-173843328References: Upstream kernel 


2021-06-21 


CVE-2021-0512 
MISC 








google -- android 


In Dex2oat of dex2oat.cc, there is a possible way to inject 
bytecode into an app due to improper input validation. This could 
lead to local escalation of privilege with no additional execution 
privileges needed. User interaction is not needed for 
exploitation.Product: AndroidVersions: Android-9 Android-10 
Android-11Android ID: A-178055795 


2021-06-21 


CVE-2021-0511 
MISC 








google -- android 


In pfkey_dump of af_key.c, there is a possible out-of-bounds read 
due to a missing bounds check. This could lead to local 
information disclosure in the kernel with System execution 
privileges needed. User interaction is not needed for 
exploitation.Product: AndroidVersions: Android kernelAndroid ID: 
A-110373476 


2021-06-22 


CVE-2021-0605 
MISC 








google -- android 


In updateCapabilities of ConnectivityService.java, there is a 
possible incorrect network state determination due to a logic error 
in the code. This could lead to biasing of networking tasks to occur 
on non-VPN networks, which could lead to remote information 
disclosure, with no additional execution privileges needed. User 
interaction is not needed for exploitation.Product: 
AndroidVersions: Android-11Android ID: A-179053823 


2021-06-21 




CVE-2021-0517 
MISC 








google -- android 


In sendBugreportNotification of BugreportProgressService.java, 
there is a possible permission bypass due to an unsafe 
PendingIntent. This could lead to local escalation of privilege with 
User execution privileges needed. User interaction is not needed 
for exploitation.Product: AndroidVersions: Android-11Android ID: 
A-178803845 


2021-06-22 


CVE-2021-0570 
MISC 








google -- android 











In phNxpNciHal_print_res_status of phNxpNciHal.cc, there is a
possible out of bounds write due to a missing bounds check. This 
could lead to local escalation of privilege with System execution 
privileges needed. User interaction is not needed for 
exploitation.Product: AndroidVersions: Android-11Android ID: A- 
169257710 








2021-06-22 











CVE-2021-0544 
MISC 
google -- android


In onCreate of WifiScanModeActivity.java, there is a possible way
to enable Wi-Fi scanning without user consent due to a 
tapjacking/overlay attack. This could lead to local escalation of 
privilege with User execution privileges needed. User interaction is 
needed for exploitation.Product: AndroidVersions: Android-10 
Android-11Android ID: A-174047492 


2021-06-21 


CVE-2021-0523 
MISC 








google -- android 


In bind of MediaControlPanel.java, there is a possible way to lock 
up the system UI using a malicious media file due to improper 
input validation. This could lead to remote denial of service with no 
additional execution privileges needed. User interaction is needed 
for exploitation.Product: AndroidVersions: Android-11Android ID: 
A-180518039 


2021-06-22 


CVE-2021-0551 
MISC 








google -- android 


In setRange of ABuffer.cpp, there is a possible out of bounds write 
due to an integer overflow. This could lead to remote code 
execution with no additional execution privileges needed. User 
interaction is needed for exploitation.Product: AndroidVersions: 
Android-11Android ID: A-179046129 


2021-06-22 


CVE-2021-0557 
MISC 








google -- android 


In fillMainDataBuf of pvmp3_framedecoder.cpp, there is a possible
out of bounds read due to a heap buffer overflow. This could lead
to remote information disclosure with no additional execution
privileges needed. User interaction is needed for 
exploitation.Product: AndroidVersions: Android-11Android ID: A- 
173473906 


2021-06-22 


CVE-2021-0558 
MISC 








google -- android 


In Lag_max of p_ol_wgh.cpp, there is a possible out of bounds 
read due to a missing bounds check. This could lead to remote 
information disclosure with no additional execution privileges 
needed. User interaction is needed for exploitation.Product: 
AndroidVersions: Android-11Android ID: A-172312730 


2021-06-22 


CVE-2021-0559 
MISC 








google -- android 


In wrapUserThread of AudioStream.cpp, there is a possible use 
after free due to a race condition. This could lead to local 
escalation of privilege with no additional execution privileges 
needed. User interaction is not needed for exploitation.Product: 
AndroidVersions: Android-11Android ID: A-174801970 


2021-06-22 


CVE-2021-0565 
MISC 








google -- android 


In decrypt of CryptoPlugin.cpp, there is a possible use-after-free 
due to a race condition. This could lead to local escalation of 
privilege with System execution privileges needed. User 
interaction is not needed for exploitation.Product: 
AndroidVersions: Android-11Android ID: A-176495665 


2021-06-22 


CVE-2021-0564 
MISC 








google -- android 


In onBindViewHolder of AppSwitchPreference.java, there is a 
possible bypass of device admin settings due to unclear UI. This
could lead to local escalation of privilege with User execution 
privileges needed. User interaction is needed for 
exploitation.Product: AndroidVersions: Android-11Android ID: A- 
169936038 


2021-06-22 


CVE-2021-0553 
MISC 








google -- android 


In onCreate of EmergencyCallbackModeExitDialog.java, there is a 
possible exit of emergency callback mode due to a
tapjacking/overlay attack. This could lead to local escalation of 
privilege with User execution privileges needed. User interaction is 
needed for exploitation.Product: AndroidVersions: Android- 
11Android ID: A-178821491 


2021-06-22 


CVE-2021-0538 
MISC 








google -- android 


In onCreate of WiFiInstaller.java, there is a possible way to install
a malicious Hotspot 2.0 configuration due to a tapjacking/overlay 
attack. This could lead to local escalation of privilege with User 
execution privileges needed. User interaction is needed for 
exploitation.Product: AndroidVersions: Android-11Android ID: A- 
176756141 


2021-06-22 


CVE-2021-0537 
MISC 








google -- android 


In memory management driver, there is a possible memory 
corruption due to a race condition. This could lead to local 
escalation of privilege with no additional execution privileges 
needed. User interaction is not needed for exploitation.Product: 
AndroidVersions: Android SoCAndroid ID: A-185193932 


2021-06-21 


CVE-2021-0533 
MISC 








google -- android 


In memory management driver, there is a possible memory 
corruption due to a race condition. This could lead to local 
escalation of privilege with no additional execution privileges 
needed. User interaction is not needed for exploitation.Product: 
AndroidVersions: Android SoCAndroid ID: A-185196177 


2021-06-21 


CVE-2021-0532 
MISC 








google -- android 








In several functions of MemoryFileSystem.cpp and related files, 
there is a possible use after free due to a race condition. This 
could lead to local escalation of privilege with no additional 
execution privileges needed. User interaction is not needed for 
exploitation. Product: Android. Versions: Android-11 Android-10. 
Android ID: A-176237595 











2021-06-21 








CVE-2021-0520 
MISC 
google -- android 


In phNxpNciHal_print_res_status of phNxpNciHal.cc, there is a 
possible out of bounds write due to a missing bounds check. This 
could lead to local escalation of privilege in the NFC server with 
System execution privileges needed. User interaction is not 
needed for exploitation. Product: Android. Versions: Android-11. 
Android ID: A-169258884 


2021-06-22 


CVE-2021-0545 
MISC 








google -- android 


In various functions of CryptoPlugin.cpp, there is a possible use 
after free due to a race condition. This could lead to local 
escalation of privilege with no additional execution privileges 
needed. User interaction is not needed for exploitation. Product: 
Android. Versions: Android-9 Android-10 Android-11 Android-8.1. 
Android ID: A-176444161 


2021-06-21 


CVE-2021-0509 
MISC 








google -- android 


In handleAppLaunch of AppLaunchActivity.java, there is a 
possible arbitrary activity launch due to a confused deputy. This 
could lead to local escalation of privilege with no additional 
execution privileges needed. User interaction is not needed for 
exploitation. Product: Android. Versions: Android kernel. 
Android ID: A-174870704 


2021-06-22 


CVE-2021-0608 
MISC 








google -- android 


In iaxxx_calc_i2s_div of iaxxx-codec.c, there is a possible 
hardware port write with user controlled data due to a missing 
bounds check. This could lead to local escalation of privilege with 
no additional execution privileges needed. User interaction is not 
needed for exploitation. Product: Android. Versions: Android kernel. 
Android ID: A-180950209 


2021-06-22 


CVE-2021-0607 
MISC 








google -- android 


In drm_syncobj_handle_to_fd of drm_syncobj.c, there is a 
possible use after free due to incorrect refcounting. This could 
lead to local escalation of privilege with System execution 
privileges needed. User interaction is not needed for 
exploitation. Product: Android. Versions: Android kernel. 
Android ID: A-168034487 


2021-06-22 


CVE-2021-0606 
MISC 








google -- android 


In ActivityTaskManagerService.startActivity() and 
AppTaskImpl.startActivity() of ActivityTaskManagerService.java 
and AppTaskImpl.java, there is possible access to restricted 
activities due to a permissions bypass. This could lead to local 
escalation of privilege with no additional execution privileges 
needed. User interaction is not needed for exploitation. Product: 
Android. Versions: Android-11. Android ID: A-137395936 


2021-06-22 


CVE-2021-0571 
MISC 








google -- android 


In decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of 
bounds write due to an integer overflow. This could lead to local 
escalation of privilege with no additional execution privileges 
needed. User interaction is not needed for exploitation. Product: 
Android. Versions: Android-9 Android-10 Android-11 Android-8.1. 
Android ID: A-176444622 


2021-06-21 


CVE-2021-0510 
MISC 








google -- android 


In onReceive of DevicePolicyManagerService.java, there is a 
possible enabling of disabled profiles due to a missing permission 
check. This could lead to local escalation of privilege with no 
additional execution privileges needed. User interaction is not 
needed for exploitation. Product: Android. Versions: Android-11. 
Android ID: A-170121238 


2021-06-22 


CVE-2021-0568 
MISC 








google -- android 


In isRestricted of RemoteViews.java, there is a possible way to 
inject font files due to a permissions bypass. This could lead to 
local escalation of privilege with no additional execution privileges 
needed. User interaction is not needed for exploitation. Product: 
Android. Versions: Android-11. Android ID: A-179461812 


2021-06-22 


CVE-2021-0567 
MISC 








google -- android 


In onLoadFailed of AnnotateActivity.java, there is a possible way 
to gain WRITE_EXTERNAL_STORAGE permissions without user 
consent due to a confused deputy. This could lead to local 
escalation of privilege with no additional execution privileges 
needed. User interaction is not needed for exploitation. Product: 
Android. Versions: Android-11. Android ID: A-179688673 


2021-06-22 


CVE-2021-0550 
MISC 








google -- android 


In rw_i93_send_to_lower of rw_i93.cc, there is a possible out of 
bounds write due to a missing bounds check. This could lead to 
local escalation of privilege with no additional execution privileges 
needed. User interaction is not needed for exploitation. Product: 
Android. Versions: Android-11. Android ID: A-157650357 


2021-06-22 


CVE-2021-0548 
MISC 








google -- android 








In onReceive of NetInitiatedActivity.java, there is a possible way to 
supply an attacker-controlled value to a GPS HAL handler due to 
a missing permission check. This could lead to local escalation of 
privilege that may result in undefined behavior in some HAL 
implementations with no additional execution privileges needed. 
User interaction is not needed for exploitation. Product: 
Android. Versions: Android-11. Android ID: A-174151048 








2021-06-22 








CVE-2021-0547 
MISC 
vulnerability affects Firefox < 89.0.1. 

















Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
google -- android | In phNxpNciHal_print_res_status of phNxpNciHal.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-169258733 | | 4.6 | CVE-2021-0546 MISC
google -- android | In various functions of DrmPlugin.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.1 Android-9 Android-10 Android-11. Android ID: A-176444154 | | 6.9 | CVE-2021-0508 MISC
greenbone -- greenbone_security_assistant | Greenbone Security Assistant (GSA) before 8.0.2 and Greenbone OS (GOS) before 5.0.10 allow XSS during 404 URL handling in gsad. | 2021-06-21 | 4.3 | MISC MISC
hisiphp -- hisiphp | Cross Site Scripting (XSS) vulnerability in HisiPHP 2.0.8 via the group name in addgroup.html. | | 4.3 | CVE-2020-21130 MISC
icehrm -- icehrm | A cross site request forgery (CSRF) vulnerability was discovered in Ice Hrm 29.0.0.OS which allows attackers to create new admin accounts or change users' passwords. | 2021-06-22 | 6.8 | CVE-2021-34244 MISC
icehrm -- icehrm | A session fixation vulnerability was discovered in Ice Hrm 29.0.0 OS which allows an attacker to hijack a valid user session via a crafted session cookie. | 2021-06-22 | 5.8 | CVE-2021-35046 MISC
icehrm -- icehrm | Cross site scripting (XSS) vulnerability in Ice Hrm 29.0.0.OS, allows attackers to execute arbitrary code via the parameters to the /app/ endpoint. | 2021-06-22 | 4.3 | CVE-2021-35045 MISC

 | Increments Qiita::Markdown before 0.34.0 allows XSS via a crafted gist link, a different vulnerability than CVE-2021-28796. | 2021-06-21 | | CVE-2021-28833
is-svg_project -- is-svg | A vulnerability was discovered in IS-SVG version 4.3.1 and below where a Regular Expression Denial of Service (ReDOS) occurs if the application is provided and checks a crafted invalid SVG string. | | | MISC
joomla -- joomla\! | Joomla! Core is prone to a session fixation vulnerability. An attacker may leverage this issue to hijack an arbitrary session and gain access to sensitive information, which may help in launching further attacks. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.15 are vulnerable. | 2021-06-21 | 5 | CVE-2010-1434 MISC MISC
joomla -- joomla\! | Joomla! Core is prone to an information disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may help in launching further attacks. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.15 are vulnerable. | 2021-06-21 | 5 | CVE-2010-1432 MISC MISC

juqingcms -- juqingcms | Cross Site Request Forgery (CSRF) in JuQingCMS v1.0 allows remote attackers to gain local privileges via the component "JuQingCMS_v1.0/admin/index.php?c=administrator&a=add". | 2021-06-22 | 6.8 | CVE-2020-18648 MISC
mcusystem -- mcusystem | The login page in the MCUsystem does not filter special characters, which allows remote attackers to inject JavaScript without privilege and thus perform reflected XSS attacks. | 2021-06-18 | 4.3 | CVE-2021-32536 MISC
metinfo -- metinfo | Cross Site Scripting (XSS) vulnerability in MetInfo 7.0.0 via the gourl parameter in login.php. | 2021-06-21 | 4.3 | CVE-2020-21517 MISC MISC MISC
moxa -- mgate_mb3180_firmware | An issue was discovered on MOXA Mgate MB3180 Version 2.1 Build 18113012. Attackers can use slowhttptest tool to send incomplete HTTP request, which could make server keep waiting for the packet to finish the connection, until its resource exhausted. Then the web server is denial-of-service. | 2021-06-18 | 5 | MISC MISC
moxa -- mgate_mb3180_firmware | An issue was discovered on MOXA Mgate MB3180 Version 2.1 Build 18113012. Attacker could send a huge amount of TCP SYN packet to make web service's resource exhausted. Then the web server is denial-of-service. | 2021-06-18 | 5 | CVE-2021-33823 MISC MISC

mozilla -- firefox | Firefox for Android would become unstable and hard-to-recover when a website opened too many popups. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 89. | 2021-06-24 | 4.3 | MISC
mozilla -- firefox | When drawing text onto a canvas with WebRender disabled, an out of bounds read could occur. *This bug only affects Firefox on Windows. Other operating systems are unaffected.*. This | 2021-06-24 | 5.8 | MISC
hospital_management_system_in_php | detailsreports.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information. | | | MISC


mozilla -- firefox | Mozilla developers reported memory safety bugs present in Firefox 88. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 89. | 2021-06-24 | 6.8 | CVE-2021-29966 MISC MISC
mozilla -- firefox | When Web Render components were destructed, a race condition could have caused undefined behavior, and we presume that with enough effort may have been exploitable to run arbitrary code. This vulnerability affects Firefox < 88.0.1 and Firefox for Android < 88.1.3. | 2021-06-24 | | CVE-2021-29952 MISC MISC
mozilla -- firefox | Mozilla developers and community members reported memory safety bugs present in Firefox 87. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 88. | 2021-06-24 | 6.8 | CVE-2021-29947 MISC MISC
 | Ports that were written as an integer overflow above the bounds of a 16-bit integer could have bypassed port blocking restrictions when used in the Alt-Svc header. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88. | | | MISC
mozilla -- firefox | When a download was initiated, the client did not check whether it was in normal or private browsing mode, which led to private mode cookies being shared in normal browsing mode. This vulnerability affects Firefox for iOS < 34. | 2021-06-24 | 4.3 | MISC
mozilla -- firefox | Mozilla developers reported memory safety bugs present in Firefox 88 and Firefox ESR 78.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.11, Firefox < 89, and Firefox ESR < 78.11. | | 6.8 | MISC
mozilla -- thunderbird | Thunderbird unprotects a secret OpenPGP key prior to using it for a decryption, signing or key import task. If the task runs into a failure, the secret key may remain in memory in its unprotected state. This vulnerability affects Thunderbird < 78.8.1. | 2021-06-24 | 5 | MISC
mpmath -- mpmath | A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in Mpmath v1.0.0 when the mpmathify function is called. | 2021-06-21 | 5 | CVE-2021-29063 MISC MISC MISC MISC
 | Bootloader contains a vulnerability in NVIDIA MB2 where a potential heap overflow might allow an attacker to control all the RAM after the heap block, leading to denial of service or code execution. | | 4.8 | CVE-2021-34388 CONFIRM
openbsd -- openbsd | It was found in FreeBSD 8.0, 6.3 and 4.9, and OpenBSD 4.6 that a null pointer dereference in ftpd/popen.c may lead to remote denial of service of the ftpd service. | 2021-06-22 | 5 | MISC MISC
owasp -- enterprise_security_api_for_java | It was found that all OWASP ESAPI for Java up to version 2.0 RC2 are vulnerable to padding oracle attacks. | 2021-06-22 | 4.3 | MISC MISC
phpgurukul -- hospital_management_system_in_php | PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \nms\check_availability.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information. | 2021-06-22 | 5 | CVE-2020-22164 MISC
phpgurukul -- hospital_management_system_in_php | PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \nms\forgot-password.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information. | 2021-06-22 | 5 | CVE-2020-22166 MISC
phpgurukul -- hospital_management_system_in_php | PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \nms\user-login.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information. | 2021-06-22 | 5 | CVE-2020-22165 MISC
phpgurukul -- hospital_management_system_in_php | PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \nms\edit-profile.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information. | 2021-06-22 | 5 | CVE-2020-22173 MISC
phpgurukul -- | PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \nms\admin\betweendates- | 2021-06-22 | 5 | CVE-2020-22175
nexus_repository_manager | the content of a blob file (via a GET request) without having been granted access. | | | CONFIRM


phpgurukul -- hospital_management_system_in_php | PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \nms\book-appointment.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information. | 2021-06-22 | 5 | CVE-2020-22174 MISC
phpgurukul -- hospital_management_system_in_php | PHPGurukul Hospital Management System in PHP v4.0 has a sensitive information disclosure vulnerability in multiple areas. Remote unauthenticated users can exploit the vulnerability to obtain user sensitive information. | 2021-06-22 | 5 | CVE-2020-22176 MISC
phpgurukul -- hospital_management_system_in_php | PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \nms\get_doctor.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information. | 2021-06-22 | 5 | CVE-2020-22172 MISC
phpgurukul -- hospital_management_system_in_php | PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \nms\registration.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information. | 2021-06-22 | 5 | CVE-2020-22171 MISC
phpgurukul -- hospital_management_system_in_php | PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \nms\appointment-history.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information. | 2021-06-22 | 5 | CVE-2020-22169 MISC
phpgurukul -- hospital_management_system_in_php | PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \nms\change-emaild.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information. | 2021-06-22 | 5 | CVE-2020-22168 MISC MISC
phpgurukul -- hospital_management_system_in_php | PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \nms\get_doctor.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information. | 2021-06-22 | 5 | CVE-2020-22170 MISC
phpipam -- phpipam | phpIPAM 1.4.3 allows Reflected XSS via app/dashboard/widgets/ipcalc-result.php and app/tools/ip-calculator/result.php of the IP calculator. | 2021-06-23 | 4.3 | 
powerarchiver -- powerarchiver | The XML parser used in ConeXware PowerArchiver before 20.10.02 allows processing of external entities, which might lead to exfiltration of local files over the network (via an XXE attack). | 2021-06-21 | 4.3 | CVE-2021-28684 MISC MISC
 | An issue was discovered in the stripTags and unescapeHTML components in Prototype 1.7.3 version 1.6 and below where an attacker can cause a Regular Expression Denial of Service (ReDOS) through stripping crafted HTML tags. | | 5 | CVE-2020-27511 MISC MISC MISC
riot-os -- riot | RIOT-OS 2021.01 before commit 85da504d2dc30188b89'44c3276fc5a25b31251f contains a buffer overflow which could allow attackers to obtain sensitive information. | | | CONFIRM
riot-os -- riot | RIOT-OS 2021.01 before commit 609c9ada34da5546cffb632a98b7ba157c112658 contains a buffer overflow that could allow attackers to obtain sensitive information. | 2021-06-18 | | CVE-2021-31661 MISC CONFIRM
riot-os -- riot | RIOT-OS 2021.01 before commit 07f1254d8537497552e7dce80364aaead9266bbe contains a buffer overflow which could allow attackers to obtain sensitive information. | 2021-06-18 | 5 | CONFIRM MISC
riot-os -- riot | RIOT-OS 2021.01 before commit bc59d60be60dfc0a05def57d74985371e4f22d79 contains a buffer overflow which could allow attackers to obtain sensitive information. | 2021-06-18 | 5 | CVE-2021-31663 MISC MISC CONFIRM
riot-os -- riot | RIOT-OS 2021.01 before commit 44741ff99f7a71df45420635b238b9c22093647a contains a buffer overflow which could allow attackers to obtain sensitive information. | 2021-06-18 | 5 | MISC CONFIRM
serenityos -- serenityos | SerenityOS contains a buffer overflow in the set_range test in TestBitmap which could allow attackers to obtain sensitive information. | 2021-06-18 | | CVE-2021-33185 CONFIRM
serenityos -- serenityos | SerenityOS in test-crypto.cpp contains a stack buffer overflow which could allow attackers to obtain sensitive information. | | | CVE-2021-33186 CONFIRM
 | An issue was discovered on 4GEE ROUTER HH70VB Version HH70_E1_02.00_22. Attackers can use slowhttptest tool to send incomplete HTTP request, which could make server keep waiting for the packet to finish the connection, until its resource exhausted. Then the web server is denial-of-service. | 2021-06-18 | | MISC MISC
sonatype -- | Sonatype Nexus Repository Manager 3.x before 3.31.0 allows a remote authenticated attacker to get a list of blob files and read | 2021-06-18 | | CVE-2021-34553








https://content.govdelivery.com/accounts/USDHSCISA/bulletins/2e5e286 

6/28/2021 

Vulnerability Summary for the Week of June 21, 2021 

striptags_project -- striptags | The npm package "striptags" is an implementation of PHP's strip_tags in Typescript. In striptags before version 3.2.0, a type-confusion vulnerability can cause `striptags` to concatenate unsanitized strings when an array-like object is passed in as the `html` parameter. This can be abused by an attacker who can control the shape of their input, e.g. if query parameters are passed directly into the function. This can lead to a XSS. | 2021-06-18 | 5 | CVE-2021-32696 MISC MISC CONFIRM MISC
synology -- calendar | Use of hard-coded credentials vulnerability in php component in Synology Calendar before 2.4.0-0761 allows remote attackers to obtain sensitive information via unspecified vectors. | 2021-06-18 | 5 | CVE-2021-34812 CONFIRM
synology -- download_station | Server-Side Request Forgery (SSRF) vulnerability in task management component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to access intranet resources via unspecified vectors. | | 4 | CVE-2021-34811 CONFIRM
synology -- download_station | Improper privilege management vulnerability in cgi component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to execute arbitrary code via unspecified vectors. | | | CVE-2021-34810 CONFIRM
synology -- download_station | Improper neutralization of special elements used in a command ('Command Injection') vulnerability in task management component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to execute arbitrary code via unspecified vectors. | 2021-06-18 | 6.5 | CVE-2021-34809 CONFIRM
synology -- media_server | Server-Side Request Forgery (SSRF) vulnerability in cgi component in Synology Media Server before 1.8.3-2881 allows remote attackers to access intranet resources via unspecified vectors. | | 5 | CVE-2021-34808 CONFIRM
 | ** DISPUTED ** Manuskript through 0.12.0 allows remote attackers to execute arbitrary code via a crafted settings.pickle file in a project file, because there is insecure deserialization via the pickle.load() function in settings.py. NOTE: the vendor's position is that the product is not intended for opening an untrusted project file. | 2021-06-21 | 6.8 | MISC
tielabs -- jannah | The Jannah WordPress theme before 5.4.4 did not properly sanitize the options JSON parameter in its tie_get_user_weather AJAX action before outputting it back in the page, leading to a Reflected Cross-Site Scripting (XSS) vulnerability. | | 4.3 | CVE-2021-24364 CONFIRM
 | Cross Site Scripting vulnerability in Typesetter 5.1 via the (1) className and (2) Description fields in index.php/Admin/Classes, | | 4.3 | CVE-2020-19511
ui -- camera_g3_flex_firmware | An issue was discovered in UniFi Protect G3 FLEX Camera Version UVC.v4.30.0.67. Attacker could send a huge amount of TCP SYN packet to make web service's resource exhausted. Then the web server is denial-of-service. | | 5 | CVE-2021-33820 MISC MISC MISC
ui -- camera_g3_flex_firmware | An issue was discovered in UniFi Protect G3 FLEX Camera Version UVC.v4.30.0.67. Attackers can use slowhttptest tool to send incomplete HTTP request, which could make server keep waiting for the packet to finish the connection, until its resource exhausted. Then the web server is denial-of-service. | 2021-06-18 | | MISC MISC
vanillaforums -- vanilla_forums | It was found in vanilla forums before 2.0.10 a cross-site scripting vulnerability where a filename could contain arbitrary code to execute on the client side. | 2021-06-22 | 4.3 | CVE-2010-4264 MISC MISC
vanillaforums -- vanilla_forums | It was found in vanilla forums before 2.0.10 a potential linkbait vulnerability in dispatcher. | 2021-06-22 | 5.8 | CVE-2010-4266 MISC
 | A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in Visjfilechooser2 version 0.2.9 and below which occurs when the application attempts to validate crafted URIs. | 2021-06-21 | | CVE-2021-29061 MISC MISC MISC
 | VMware Tools for Windows (11.x.y prior to 11.3.0) contains a denial-of-service vulnerability in the VM3DMP driver. A malicious actor with local user privileges in the Windows guest operating system, where VMware Tools is installed, can trigger a PANIC in the VM3DMP driver leading to a denial-of-service condition in the Windows guest operating system. | | 4.9 | CVE-2021-21997 MISC
white_shark_systems_project -- white_shark_systems | White Shark System (WSS) 1.3.2 has a SQL injection vulnerability. The vulnerability stems from the log_edit.php files failing to filter the csa_to_user parameter, remote attackers can exploit the vulnerability to obtain database sensitive information. | 2021-06-21 | 5 | CVE-2020-20469 MISC
white_shark_systems_project -- white_shark_systems | White Shark System (WSS) 1.3.2 is vulnerable to sensitive information disclosure via default_task_add.php, remote attackers can exploit the vulnerability to create a task. | 2021-06-21 | 6.4 | MISC








white_shark_systems_project -- white_shark_systems | White Shark System (WSS) 1.3.2 is vulnerable to CSRF. Attackers can use the user_edit_password.php file to modify the user password. | 2021-06-21 | 4.3 | CVE-2020-20468 MISC
white_shark_systems_project -- white_shark_systems | White Shark System (WSS) 1.3.2 has web site physical path leakage vulnerability. | 2021-06-21 | 5 | CVE-2020-20470 MISC
white_shark_systems_project -- white_shark_systems | White Shark System (WSS) 1.3.2 has a sensitive information disclosure vulnerability. The if_get_addbook.php file does not have an authentication operation. Remote attackers can obtain username information for all users of the current site. | 2021-06-21 | 5 | CVE-2020-20472 MISC
white_shark_systems_project -- white_shark_systems | White Shark System (WSS) 1.3.2 has a SQL injection vulnerability. The vulnerability stems from the default_task_edituser.php files failing to filter the csa_to_user parameter. Remote attackers can exploit the vulnerability to obtain database sensitive information. | 2021-06-21 | 5 | 
white_shark_systems_project -- white_shark_systems | White Shark System (WSS) 1.3.2 has a SQL injection vulnerability. The vulnerability stems from the control_task.php, control_project.php, default_user.php files failing to filter the sort parameter. Remote attackers can exploit the vulnerability to obtain database sensitive information. | 2021-06-21 | | 
wuzhicms -- wuzhicms | Cross Site Scripting (XSS) in Wuzhi CMS v4.1.0 allows remote attackers to execute arbitrary code via the "Title" parameter in the component "/coreframe/app/guestbook/myissue.php". | 2021-06-22 | 4.3 | CVE-2020-18654 MISC
zettlr -- zettlr | No filtering of cross-site scripting (XSS) payloads in the markdown-editor in Zettlr 1.8.7 allows attackers to perform remote code execution via a crafted file. | 2021-06-18 | 4.3 | CVE-2021-26835 MISC MISC
zziplib_project -- zziplib | Infinite Loop in zziplib v0.13.69 allows remote attackers to cause a denial of service via the return value "zzip_file_read" in the function "unzzip_cat_file". | 2021-06-18 | 4.3 | CVE-2020-18442 MISC
Low Vulnerabilities 
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
admincolumns -- admin_columns | The Admin Columns Free WordPress plugin before 4.3 and Admin Columns Pro WordPress plugin before 5.5.1, rendered input on the posted pages with improper input validation on the value passed into the field 'Label' parameter, by taking this as an advantage an authenticated attacker can supply a crafted arbitrary script and execute it. | 2021-06-21 | 3.5 | CVE-2021-24366 CONFIRM MISC
autoptimize -- autoptimize | The Autoptimize WordPress plugin before 2.7.8 does not check for malicious files such as .html in the archive uploaded via the 'Import Settings' feature. As a result, it is possible for a high privilege user to upload a malicious file containing JavaScript code inside an archive which will execute when a victim visits index.html inside the plugin directory. | | 3.5 | CVE-2021-24378 CONFIRM
ayecode -- getpaid | In the GetPaid WordPress plugin before 2.3.4, users with the contributor role and above can create a new Payment Form, however the Label and Help Text input fields were not getting sanitized properly. So it was possible to inject malicious content such as img tags, leading to a Stored Cross-Site Scripting issue which is triggered when the form will be edited, for example when an admin reviews it and could lead to privilege escalation. | 2021-06-21 | 3.5 | CVE-2021-24369 CONFIRM
checksec -- canopy | CheckSec Canopy before 3.5.2 allows XSS attacks against the login page via the LOGIN_PAGE_DISCLAIMER parameter. | 2021-06-18 | | CVE-2021-34815 MISC MISC MISC
codecabin -- wp_google_maps | The WP Google Maps WordPress plugin before 8.1.12 did not sanitise, validate or escape the Map Name when output in the Map List of the admin dashboard, leading to an authenticated Stored Cross-Site Scripting issue | 2021-06-21 | 3.5 | MISC
get-simple -- getsimplecms | Cross Site Scripting vulnerability in GetSimpleCMS 3.4.0a in admin/snippets.php via (1) Add Snippet and (2) Save snippets. | | | CVE-2020-20391 MISC
get-simple -- getsimplecms | Cross Site Scripting vulnerability in GetSimpleCMS 3.3.16 in admin/upload.php by adding comments or jpg and other file header information to the content of xla, pages, and gzip files, | 2021-06-23 | 3.5 | CVE-2021-28977 MISC
get-simple -- getsimplecms | Cross Site Scripting (XSS) vulnerability in GetSimpleCMS 3.4.0a in admin/edit.php. | 2021-06-23 | 3.5 | CVE-2020-20389 MISC
google -- android 


In onStart of ContactsDumpActivity.java, there is possible access 
to contacts due to a tapjacking/overlay attack. This could lead to 
local information disclosure with User execution privileges 
needed. User interaction is needed for exploitation. Product: 
Android. Versions: Android-11. Android ID: A-174045870 


2021-06-22 


CVE-2021-0569 
MISC 





google -- android 


In sspRequestCallback of BondStateMachine.java, there is a 
possible leak of Bluetooth MAC addresses due to log information 
disclosure. This could lead to local information disclosure with 
System execution privileges needed. User interaction is not 
needed for exploitation. Product: Android. Versions: Android-11. 
Android ID: A-183961896 


2021-06-22 


CVE-2021-0549 
MISC 








google -- android 


In doNotification of AccountManagerService.java, there is a 
possible permission bypass due to an unsafe PendingIntent. This 
could lead to local information disclosure with User execution 
privileges needed. User interaction is not needed for 
exploitation. Product: Android. Versions: Android-11. Android ID: A-177931355 


2021-06-22 


CVE-2021-0572 
MISC 





google -- android
In accessAudioHalPidscpp of TimeCheck.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11 Android ID: A-175894436
2021-06-22
CVE-2021-0566
MISC

google -- android
In ih264e_fmt_conv_422i_to_420sp of ih264e_fmt_conv.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11 Android ID: A-172908358
2021-06-22
CVE-2021-0563
MISC

google -- android
In RasterIntraUpdate of motion_est.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11 Android ID: A-176084648
2021-06-22
CVE-2021-0562
MISC

google -- android
In append_to_verify_fifo_interleaved_ of stream_encoder.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11 Android ID: A-174302683
2021-06-22
CVE-2021-0561
MISC

google -- android
In getBlockSum of fastcodemb.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11 Android ID: A-172716941
2021-06-22
CVE-2021-0556
MISC

google -- android
In isBackupServiceActive of BackupManagerService.java, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11 Android ID: A-158482162
2021-06-22
CVE-2021-0554
MISC

google -- android
In getEndItemSliceAction of MediaOutputSlice.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11 Android ID: A-175124820
2021-06-22
CVE-2021-0552
MISC

google -- android
In updateNotification of BeamTransferManager.java, there is a missing permission check. This could lead to local information disclosure of paired Bluetooth addresses with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-11 Android ID: A-168712890
2021-06-22
CVE-2021-0542
MISC

google -- android
In phNxpNciHal_ext_process_nfc_init_rsp of phNxpNciHal_ext.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the NFC server with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11 Android ID: A-169258455
2021-06-22
CVE-2021-0541
MISC

google -- android
In getAllPackages of PackageManagerService, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure of cross-user permissions with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11 Android-8.1 Android-9 Android-10 Android ID: A-174661955
2021-06-21
CVE-2021-0521
MISC

google -- android
In avrc_pars_browse_rsp of avrc_pars_ct.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11 Android ID: A-179162665
2021-06-21
CVE-2021-0504
MISC

icehrm -- icehrm
A stored cross site scripting (XSS) vulnerability was discovered in Ice Hrm 29.0.0.0S which allows attackers to execute arbitrary web scripts or HTML via a crafted file uploaded into the Document Management tab. The exploit is triggered when a user visits the upload location of the crafted file.
2021-06-22
CVE-2021-34243
MISC

jpress -- jpress
An issue was discovered in JPress v3.3.0 and below. There are XSS vulnerabilities in the template module and tag management module. If you log in to the background by means of weak password, the storage XSS vulnerability can occur.
2021-06-18
CVE-2021-33347
MISC
MISC

phpgurukul --
PHPGurukul Hospital Management System in PHP v4.0 has a Persistent Cross-Site Scripting vulnerability in hospital_ management_system_in_pl\ams\admin\appointment-history.php. Remote registered users can exploit the vulnerability to obtain user cookie data.
2021-06-22
CVE-2020-22167
MISC

podsfoundation -- pods
The Pods – Custom Content Types and Fields WordPress plugin before 2.7.27 was vulnerable to an Authenticated Stored Cross-Site Scripting (XSS) security vulnerability within the 'Menu Label' field parameter.
2021-06-21
CVE-2021-24339
MISC
CONFIRM

podsfoundation -- pods
The Pods – Custom Content Types and Fields WordPress plugin before 2.7.27 was vulnerable to an Authenticated Stored Cross-Site Scripting (XSS) security vulnerability within the 'Singular Label' field parameter.
2021-06-21
CVE-2021-24338
CONFIRM
MISC



wp_config_file_editor_project -- wp_config_file_editor
The WP Config File Editor WordPress plugin through 1.7.1 was affected by an Authenticated Stored Cross-Site Scripting (XSS) vulnerability.
2021-06-21
CVE-2021-24367
CONFIRM

Znote -- znote
A cross-site scripting (XSS) vulnerability exists in Znote 0.5.2. An attacker can insert payloads, and the code execution will happen immediately on markdown view mode.
2021-06-18
3.5
CVE-2021-26834
MISC
MISC

Severity Not Yet Assigned

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

advantech -- webaccess_hmi_designer
Opening a maliciously crafted project file may cause an out-of-bounds write, which may allow an attacker to execute arbitrary code. User interaction is required on the WebAccess HMI Designer (versions 2.1.9.95 and prior).
2021-06-24
not yet calculated
CVE-2021-33002
MISC

advantech -- webaccess_hmi_designer
Parsing a maliciously crafted project file may cause a heap-based buffer overflow, which may allow an attacker to perform arbitrary code execution. User interaction is required on the WebAccess HMI Designer (versions 2.1.9.95 and prior).
not yet calculated
CVE-2021-33000
MISC

advantech -- webaccess_hmi_designer
The affected product is vulnerable to memory corruption condition due to lack of proper validation of user supplied files, which may allow an attacker to execute arbitrary code. User interaction is required on the WebAccess HMI Designer (versions 2.1.9.95 and prior).
2021-06-24

ampache -- ampache
Ampache is an open source web based audio/video streaming application and file manager. Due to a lack of input filtering versions 4.x.y are vulnerable to code injection in random.php. The attack requires user authentication to access the random.php page unless the site is running in demo mode. This issue has been resolved in 4.4.3.
2021-06-22
not yet calculated
CVE-2021-32644
CONFIRM
MISC

The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Versions before and including `1.4.1` are vulnerable to reflected XSS. An attacker can execute arbitrary code by providing an XSS payload in the `error` query parameter which is then processed by the callback handler as an error message. You are affected by this vulnerability if you are using `@auth0/nextjs-auth0` version `1.4.1` or lower **unless** you are using custom error handling that does not return the error message in an HTML response. Upgrade to version `1.4.1` to resolve. The fix adds basic HTML escaping to the error message and it should not impact your users.
2021-06-25
MISC


autodesk -- autodesk_dwg
An Arbitrary Address Write issue in the Autodesk DWG application can allow a malicious user to leverage the application to write in unexpected paths. In order to exploit this the attacker would need the victim to enable full page heap in the application.
2021-06-25
not yet calculated
CVE-2021-27043
MISC

autodesk -- dwg
A maliciously crafted DWG file can be used to write beyond the allocated buffer while parsing DWG files. This vulnerability can be exploited to execute arbitrary code.
2021-06-25
not yet calculated
CVE-2021-27041
MISC

autodesk -- dwg
A maliciously crafted DWG file can be used to write beyond the allocated buffer while parsing DWG files. The vulnerability exists because the application fails to handle a crafted DWG file, which causes an unhandled exception. An attacker can leverage this vulnerability to execute arbitrary code.
2021-06-25
not yet calculated
CVE-2021-27042
MISC

autodesk -- dwg
A maliciously crafted DWG file can be forced to read beyond allocated boundaries when parsing the DWG file. This vulnerability can be exploited to execute arbitrary code.
2021-06-25
not yet calculated
CVE-2021-27040
MISC

avaya -- aura_appliance_virtualization_platfor
A privilege escalation vulnerability was discovered in Avaya Aura Appliance Virtualization Platform Utilities (AVPU) that may potentially allow a local user to escalate privileges. Affects 8.0.0.0 through 8.1.3.1 versions of AVPU.
not yet calculated
CVE-2021-25653
MISC

avaya -- aura_appliance_virtualization_platfor
An information disclosure vulnerability was discovered in the directory and file management of Avaya Aura Appliance Virtualization Platform Utilities (AVPU). This vulnerability may potentially allow any local user to access system functionality and configuration information that should only be available to a privileged user. Affects versions 8.0.0.0 through 8.1.3.1 of AVPU.
not yet calculated
CVE-2021-25652
MISC

avaya -- aura_device_services
An arbitrary code execution vulnerability was discovered in Avaya Aura Device Services that may potentially allow a local user to execute specially crafted scripts. Affects 7.0 through 8.1.4.0 versions of Avaya Aura Device Services.
2021-06-25
not yet calculated
CVE-2021-25654
MISC

avaya -- aura_experience_portal
A vulnerability in the system Service Menu component of Avaya Aura Experience Portal may allow URL Redirection to any untrusted site through a crafted attack. Affected versions include 7.0 through 7.2.3 (without hotfix) and 8.0.0 (without hotfix).
not yet calculated
CVE-2021-25655
MISC

avaya -- aura_experience_portal_web
Stored XSS injection vulnerabilities were discovered in the Avaya Aura Experience Portal Web management which could allow an authenticated user to potentially disclose sensitive information. Affected versions include 7.0 through 7.2.3 (without hotfix) and 8.0.0 (without hotfix).
2021-06-24
not yet calculated
MISC


avaya -- aura_utility_services
** UNSUPPORTED WHEN ASSIGNED ** An information disclosure vulnerability was discovered in the directory and file management of Avaya Aura Utility Services. This vulnerability may potentially allow any local user to access system functionality and configuration information that should only be available to a privileged user. Affects all 7.x versions of Avaya Aura Utility Services.
2021-06-24
not yet calculated
CVE-2021-25649
MISC

avaya -- aura_utility_services
** UNSUPPORTED WHEN ASSIGNED ** A privilege escalation vulnerability was discovered in Avaya Aura Utility Services that may potentially allow a local user to execute specially crafted scripts as a privileged user. Affects all 7.x versions of Avaya Aura Utility Services.
2021-06-24
not yet calculated
CVE-2021-25650
MISC

avaya -- aura_utility_services
** UNSUPPORTED WHEN ASSIGNED ** A privilege escalation vulnerability was discovered in Avaya Aura Utility Services that may potentially allow a local user to escalate privileges. Affects all 7.x versions of Avaya Aura Utility Services.
2021-06-24
not yet calculated
CVE-2021-25651
MISC

ballerina-platform -- ballerina-lang
Ballerina is an open source programming language and platform for cloud application programmers. Ballerina versions 1.2.x and SL releases up to alpha 3 have a potential for a supply chain attack via MiTM against users. Http connections did not make use of TLS and certificate checking was ignored. The vulnerability allows an attacker to substitute or modify packages retrieved from BC thus allowing to inject malicious code into ballerina executables. This has been patched in Ballerina 1.2.14 and Ballerina SwanLake alpha4.
2021-06-22
not yet calculated
CVE-2021-32700
CONFIRM
MISC

bitdefender -- bitdefender_total_security
Improper Certificate Validation vulnerability in the Online Threat Prevention module as used in Bitdefender Total Security allows an attacker to potentially bypass HTTP Strict Transport Security (HSTS) checks. This issue affects: Bitdefender Total Security versions prior to 25.0.7.29. Bitdefender Internet Security versions prior to 25.0.7.29. Bitdefender Antivirus Plus versions prior to 25.0.7.29.
2021-06-22
not yet calculated
CVE-2020-15732
MISC

bluetooth -- bluetooth_core_specifications
Unencrypted Bluetooth Low Energy baseband links in Bluetooth Core Specifications 4.0 through 5.2 may permit an adjacent device to inject a crafted packet during the receive window of the listening device before the transmitting device initiates its packet transmission to achieve full MITM status without terminating the link. When applied against devices establishing or using encrypted links, crafted packets may be used to terminate an existing link, but will not compromise the confidentiality or integrity of the link.
2021-06-25
not yet calculated
CVE-2021-31615
MISC
MISC

catfish_cms -- catfish_cms
A cross site scripting (XSS) vulnerability in Catfish CMS 4.9.90 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "announcement_gonggao" parameter.
2021-06-23
not yet calculated
CVE-2020-23962
MISC

connectwise_automate -- connectwise_automate
An XXE vulnerability exists in ConnectWise Automate before 2021.0.6.132.
2021-06-21
not yet calculated
CVE-2021-35066
MISC
MISC

contao -- contao
Contao 4.5.x through 4.9.x before 4.9.16, and 4.10.x through 4.11.x before 4.11.5, allows XSS. It is possible to inject code into the tl_log table that will be executed in the browser when the system log is called in the back end.
2021-06-23
not yet calculated
CVE-2021-35210
CONFIRM
CONFIRM

crmeb -- crmeb
CRMEB 3.1.0+ is vulnerable to File Upload Getshell via /crmeb/crmeb/services/UploadService.php.
2021-06-24
not yet calculated
CVE-2020-21787
MISC

crmeb -- crmeb
In CRMEB 3.1.0+ strict domain name filtering leads to SSRF (Server-Side Request Forgery). The vulnerable code is in file /crmeb/app/admin/controller/store/CopyTaobao.php.
2021-06-24
not yet calculated
CVE-2020-21788
MISC

d-link -- router
There is an arbitrary password modification vulnerability in a D-LINK DSL-2888A router product. An attacker can use this vulnerability to modify the password of the admin user without authorization.
2021-06-24
not yet calculated
MISC

dell -- biosconnect
Dell BIOSConnect feature contains a buffer overflow vulnerability. An authenticated malicious admin user with local access to the system may potentially exploit this vulnerability to run arbitrary code and bypass UEFI restrictions.
2021-06-24
not yet calculated
CVE-2021-21573
CONFIRM

dell -- biosconnect
Dell BIOSConnect feature contains a buffer overflow vulnerability. An authenticated malicious admin user with local access to the system may potentially exploit this vulnerability to run arbitrary code and bypass UEFI restrictions.
2021-06-24
not yet calculated
CVE-2021-21574
CONFIRM

dell -- biosconnect
Dell BIOSConnect feature contains a buffer overflow vulnerability. An authenticated malicious admin user with local access to the system may potentially exploit this vulnerability to run arbitrary code and bypass UEFI restrictions.
2021-06-24
not yet calculated
CVE-2021-21572
CONFIRM

dell -- uefi_bios
Dell UEFI BIOS https stack leveraged by the Dell BIOSConnect feature and Dell HTTPS Boot feature contains an improper certificate validation vulnerability. A remote unauthenticated attacker may exploit this vulnerability using a person-in-the-middle attack which may lead to a denial of service and payload tampering.
2021-06-24
not yet calculated
CVE-2021-21571
CONFIRM

0xB49E984A83d7A638E7F2889fc8328952BA951AbE, an implementation for MillionCoin (MON).

dhis2 -- dhis2_core
DHIS 2 is an information system for data capture, management, validation, analytics and visualization. A SQL injection security vulnerability has been found in specific versions of DHIS2. This vulnerability affects the /api/trackedEntityInstances API endpoint in DHIS2 versions 2.34.4, 2.35.2, 2.35.3, 2.35.4, and 2.36.0. Earlier versions, such as 2.34.3 and 2.35.1 and all versions 2.33 and older are unaffected. The system is vulnerable to attack only from users that are logged in to DHIS2, and there is no known way of exploiting the vulnerability without first being logged in as a DHIS2 user. A successful exploit of this vulnerability could allow the malicious user to read, edit and delete data in the DHIS2 instance. There are no known exploits of the security vulnerabilities addressed by these patch releases. However, we strongly recommend that all DHIS2 implementations using versions 2.34, 2.35 and 2.36 install these patches as soon as possible. There is no straightforward known workaround for DHIS2 instances using the Tracker functionality other than upgrading the affected DHIS2 server to one of the patches in which this vulnerability has been fixed. For implementations which do NOT use Tracker functionality, it may be possible to block all network access to POST to the /api/trackedEntityInstance endpoint as a temporary workaround while waiting to upgrade.
2021-06-24
not yet calculated
CVE-2021-32704
CONFIRM

djvulibre -- djvulibre
A flaw was found in djvulibre-3.5.28 and earlier. An out of bounds write in function DJVU::filter_bv() via crafted djvu file may lead to application crash and other consequences.
not yet calculated
MISC

djvulibre -- djvulibre
A flaw was found in djvulibre-3.5.28 and earlier. A heap buffer overflow in function DJVU::GBitmap::decode() via crafted djvu file may lead to application crash and other consequences.
2021-06-24
not yet calculated
MISC

djvulibre -- djvulibre
A flaw was found in djvulibre-3.5.28 and earlier. An out of bounds read in function DJVU::DataPool::has_data() via crafted djvu file may lead to application crash and other consequences.
not yet calculated
MISC

djvulibre -- djvulibre
A flaw was found in djvulibre-3.5.28 and earlier. A Stack overflow in function DJVU::DjVuDocument::get_djvu_file() via crafted djvu file may lead to application crash and other consequences.
not yet calculated
MISC

djvulibre -- djvulibre
A flaw was found in djvulibre-3.5.28 and earlier. An integer overflow in function render() in tools/ddjvu via crafted djvu file may lead to application crash and other consequences.
2021-06-24
not yet calculated
MISC

eclipse -- birt
In Eclipse BIRT versions 4.8.0 and earlier, an attacker can use query parameters to create a JSP file which is accessible from remote (current BIRT viewer dir) to inject JSP code into the running instance.
2021-06-25
not yet calculated
CVE-2021-34427
CONFIRM

eclipse -- jetty
For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, if an exception is thrown from the SessionListener#sessionDestroyed() method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in.
2021-06-22
not yet calculated
CVE-2021-34428
CONFIRM
MLIST

elabftw -- elabftw
eLabFTW is an open source electronic lab notebook for research labs. This vulnerability allows an attacker to make GET requests on behalf of the server. It is "blind" because the attacker cannot see the result of the request. Issue has been patched in eLabFTW 4.0.0.
2021-06-21
not yet calculated
CVE-2021-32698
MISC
CONFIRM

emote -- interactive_remote_mouse
Emote Interactive Remote Mouse 3.008 on Windows allows attackers to execute arbitrary programs as Administrator by using the Image Transfer Folder feature to navigate to cmd.exe. It binds to local ports to listen for incoming connections.
2021-06-24
not yet calculated
CVE-2021-35448
MISC
MISC

ethereum -- ethereum
An issue was discovered in function addMeByRC in the smart contract implementation for RC, an Ethereum token, allows attackers to transfer an arbitrary amount of tokens to an arbitrary address.
2021-06-24
not yet calculated
CVE-2020-17753
MISC
MISC
MISC
MISC
MISC
MISC
MISC

ethereum -- ethereum
Integer overflow vulnerability in payable function of a smart contract implementation for an Ethereum token, as demonstrated by the smart contract implemented at address
2021-06-24
not yet calculated
CVE-2020-17752
MISC
MISC

https://content.govdelivery.com/accounts/USDHSCISA/bulletins/2e5e286

6/28/2021

Vulnerability Summary for the Week of June 21, 2021

etinet -- backbox
ETINET BACKBOX E4.09 and H4.09 mismanages password access control. When a user uses the User ID of the process running BBSV to login to the Backbox UI application, the system procedure (USER_AUTHENTICATE_) used for verifying the Password returns 0 (no error). The reason is that the user is not running the XYGate application. Hence, BBSV assumes the Password is correct. For H4.09, the affected version is TO954V04‘AAO. For E4.09, the affected version is 22SEP2020.
2021-06-25
not yet calculated
CVE-2021-33895
MISC
MISC

etuna -- ec-cube
Cross-site scripting vulnerability in ETUNA EC-CUBE plugins (Delivery slip number plugin (3.0 series) 1.0.10 and earlier, Delivery slip number csv bulk registration plugin (3.0 series) 1.0.8 and earlier, and Delivery slip number mail plugin (3.0 series) 1.0.8 and earlier) allows remote attackers to inject an arbitrary script by executing a specific operation on the management page of EC-CUBE.
2021-06-22
not yet calculated
CVE-2021-20735
MISC
MISC
MISC
MISC

evernote -- evernote
An issue was found in the Evernote client for Windows 10, 7, and 2008 in the protocol handler. This enables attackers for arbitrary command execution if the user clicks on a specially crafted URL. AKA: WINNOTE-19941.
2021-06-24
not yet calculated
CVE-2020-17759
MISC

f-secure -- f-secure
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Linux Security whereby the FSAVD component used in certain F-Secure products can crash while scanning larger packages/fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service (DoS) of the Anti-Virus engine.
2021-06-21
not yet calculated
CVE-2021-33572
MISC
MISC

fidelis_network_and_deception -- fidelis_network_and_deception_com
Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface. The vulnerability could allow a specially crafted HTTP request to execute system commands on the CommandPost and return results in an HTTP response in an authenticated session. The vulnerability is present in Fidelis Network and Deception versions prior to 9.3.7 and in version 9.4. Patches and updates are available to address this vulnerability.
2021-06-25
not yet calculated
CVE-2021-35049
CONFIRM

fidelis_network_and_deception -- fidelis_network_and_deception_com
User credentials stored in a recoverable format within Fidelis Network and Deception CommandPost. In the event that an attacker gains access to the CommandPost, these values could be decoded and used to login to the application. The vulnerability is present in Fidelis Network and Deception versions prior to 9.3.3. This vulnerability has been addressed in version 9.3.3 and subsequent versions.
2021-06-25
not yet calculated
CVE-2021-35050
CONFIRM

fidelis_network_and_deception -- fidelis_network_and_deception_com
Vulnerability in the CommandPost, Collector, and Sensor components of Fidelis Network and Deception enables an attacker with user level access to the CLI to inject root level commands into the component and neighboring Fidelis components. The vulnerability is present in Fidelis Network and Deception versions prior to 9.3.7 and in version 9.4. Patches and updates are available to address this vulnerability.
2021-06-25
not yet calculated
CVE-2021-35047
CONFIRM

fidelis_network_and_deception -- fidelis_network_and_deception_com
Vulnerability in Fidelis Network and Deception CommandPost enables unauthenticated SQL injection through the web interface. The vulnerability could lead to exposure of authentication tokens in some versions of Fidelis software. The vulnerability is present in Fidelis Network and Deception versions prior to 9.3.7 and in version 9.4. Patches and updates are available to address this vulnerability.
2021-06-25
not yet calculated
CVE-2021-35048
CONFIRM

fisco-bcos -- fisco-bcos
The blockchain node in FISCO-BCOS V2.7.2 may have a bug when dealing with unformatted packet and lead to a crash. A malicious node can send a packet continuously. The packet is in an incorrect format and cannot be decoded by the node correctly. As a result, the node may consume the memory sustainably and crash. More details are shown at: https://github.com/FISCO-BCOS/FISCO-BCOS/issues/1951
2021-06-24
not yet calculated
MISC

getsimplecms -- getsimplecms
Remote Code Execution vulnerability in GetSimpleCMS before 3.3.16 in admin/upload.php via phar files.
2021-06-23
not yet calculated
CVE-2021-28976
MISC

getsimplecms -- getsimplecms
Cross Site Scripting (XSS) vulnerability in GetSimpleCMS <= 3.3.15 in eal a Sere ai via the veaireet Hi parameter and the headers_sent function.
2021-06-23
CVE-2020-18657
MISC

getsimplecms -- getsimplecms
GetSimpleCMS <=3.3.15 has an open redirect in admin/changedata.php via the redirect function to the url parameter.
2021-06-23
not yet calculated

sufficiently. Attackers can exploit this vulnerability by sending malicious parameters to inject command. This can compromise normal service.

Prima aT : CVSS Source & Patch 
Vendor -- Prdlick Pescmpton Publlehed Score Info 
CVE-2020-18662 
gnuboard5 -- gnuboard5 SQL Injection vulnerability in gnuboard5 <=v5.3.2.8 via the 2021-06-24 not yet MISC 
table_prefix parameter in install_db.php. calculated |MISC 
MISC 
CVE-2020-18663 
gnuboard5 -- gnuboard5 Cross Site Scripting (XSS) vulnerability in gnuboard5 <=v5.3.2.8 2021-06-24 not yet MISC 
via the act parameter in bbs/move_update.php. calculated |MISC 
MISC 
CVE-2020-18661 
gnuboard5 -- gnuboard5 Cross Site Scripting (XSS) vulnerability in gnuboard5 <=v5.3.2.8 2021-06-24 not yet MISC 
via the url parameter to bbs/login.php. calculated |MISC 
MISC 
Improper authorization in handler for custom URL scheme CVE-2021-20733 
google -- android vulnerability in ????????? (asken diet) for Android versions from 2021-06-22 not yet MISC... 
v.3.0.0 to v.4.2.x allows a remote attacker to lead a user to access calculated MISC 
an arbitrary website via the vulnerable App. pesca 
A vulnerability in agent program of HelpU remote control solution CVE-2020-7862 
helpu -- helpu could allow an authenticated remote attacker to execute arbitrary 2021-06-24 not yet MISC... 
commands This vulnerability is due to insufficient input sanitization calculated MISC 
when communicating customer process. aaeenoes 
Cross-site scripting vulnerability in Hitachi Application Server Help 
hitachi -- (Hitachi Application Server V10 Manual (Windows) version 10-11- not vet CVE-2021-20741 
application_server_help_server 01 and earlier and Hitachi Application Server V10 Manual (UNIX) || 2021-06-22 jane MISC 
version 10-11-01 and earlier) allows a remote attacker to inject an MISC 
arbitrary script via unspecified vectors. 
A potential vulnerability has been identified in HPE OneView 
hpe -- oneview_global_dashboard_ ||Global Dashboard release 2.31 which could lead to a local 2021-06-24 not yet |CVE-2021-26585 
disclosure of privileged information. HPE has provided an update calculated |MISC 
ito OneView Global Dashboard. The issue is resolved in 2.32. 
There is an improper authorization vulnerability in eCNS280 
huawei — multiple products V100R005C00, V100R005C10 and eSE620X vESS 
V100R001C10SPC200, V100R001C20SPC200. A file access is 2021-06-22 not yet |CVE-2021-22361 
not authorized correctly. Attacker with low access may launch calculated |MISC 
privilege escalation in a specific scenario. This may compromise 
the normal service. 
huawei -- multiple products | There is an information leak vulnerability in Huawei products. A module does not deal with specific input sufficiently. High privilege attackers can exploit this vulnerability by performing some operations. This can lead to information leak. Affected product versions include: IPS Module versions V500R005C00, V500R005C10, V500R005C20; NGFW Module versions V500R005C00, V500R005C10, V500R005C20; SeMG9811 versions V500R005C00; USG9500 versions V500R001C00, V500R001C20, V500R001C30, V500R001C50, V500R001C60, V500R001C80, V500R005C00, V500R005C10, V500R005C20. | 2021-06-22 | not yet calculated | CVE-2021-22342 MISC
huawei -- multiple products | There is an out-of-bounds read vulnerability in eCNS280_TD V100R005C10 and eSE620X vESS V100R001C10SPC200, V100R001C20SPC200, V200R001C00SPC300. The vulnerability is due to a message-handling function that contains an out-of-bounds read vulnerability. An attacker can exploit this vulnerability by sending a specific message to the target device, which could cause a Denial of Service (DoS). | 2021-06-22 | not yet calculated | MISC
huawei -- multiple products | Huawei LTE USB Dongle products have an improper permission assignment vulnerability. An attacker can locally access and log in to a PC to induce a user to install a specially crafted application. After successfully exploiting this vulnerability, the attacker can perform unauthenticated operations. Affected product versions include: E3372 E3372h-153T CPU-V200R002B333D01SPO00CO0. | 2021-06-22 | not yet calculated | CVE-2021-22382 MISC
huawei -- multiple products | There is a race condition vulnerability in eCNS280_TD V100R005C00 and V100R005C10. A timing window exists in which the database can be operated by another thread that is operating concurrently. Successful exploit may cause the affected device abnormal. | 2021-06-22 | not yet calculated | MISC
huawei -- multiple products | There is a command injection vulnerability in S12700 V200R019C00SPC500, S2700 V200R019C00SPC500, S5700 V200R019C00SPC500, S6700 V200R019C00SPC500 and S7700 V200R019C00SPC500. A module does not verify specific input | 2021-06-22 | not yet calculated |
huawei -- multiple products | There is an out-of-bounds read vulnerability in eSE620X vESS V100R001C10SPC200, V100R001C20SPC200, V200R001C00SPC300. The vulnerability is due to a function that handles an internal message and contains an out-of-bounds read. An attacker could craft messages between system processes; a successful exploit could cause Denial of Service (DoS). | 2021-06-22 | not yet calculated | CVE-2021-22366 MISC
huawei -- multiple products | There is an out of bounds read vulnerability in eSE620X vESS V100R001C10SPC200, V100R001C20SPC200, V200R001C00SPC300. A local attacker can exploit this vulnerability by sending a specific message to the target device. Due to insufficient validation of the internal message, a successful exploit may cause the process and the service to become abnormal. | 2021-06-22 | not yet calculated | CVE-2021-22365 MISC
huawei -- multiple products | There is a resource management error vulnerability in eCNS280_TD V100R005C10SPC650. An attacker needs to perform specific operations to exploit the vulnerability on the affected device. Due to improper resource management of the function, the vulnerability can be exploited to cause service abnormal on affected devices. | 2021-06-22 | not yet calculated | CVE-2021-22363 MISC
ibm -- db2 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow a local user to access and change the configuration of Db2 due to a race condition of a symbolic link. IBM X-Force ID: 190909. | 2021-06-24 | not yet calculated | CVE-2020-4885 CONFIRM XF
ibm -- db2 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5, under specific circumstance of a table being dropped while being accessed in another session, could allow an authenticated user to cause a denial of service. IBM X-Force ID: 203031. | 2021-06-24 | not yet calculated | CVE-2021-29777 XF CONFIRM
ibm -- db2 | Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as the server terminates abnormally when executing a specially crafted SELECT statement. IBM X-Force ID: 200659. | 2021-06-24 | not yet calculated | XF
ibm -- db2 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a user who can create a view or inline SQL function to obtain sensitive information when AUTO_REVAL is set to DEFERRED_FORCE. IBM X-Force ID: 199283. | 2021-06-24 | not yet calculated | CVE-2021-20579 XF CONFIRM
ibm -- db2 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow an authenticated user to overwrite arbitrary files due to improper group permissions. IBM X-Force ID: 191945. | 2021-06-24 | not yet calculated | CONFIRM
ibm -- security_sevret_server | IBM Security Secret Server (IBM Security Verify Privilege Manager 10.8.2) is vulnerable to a buffer overflow, caused by improper bounds checking. A local attacker could overflow a buffer and execute arbitrary code on the system or cause the system to crash. IBM X-Force ID: 184917. | 2021-06-25 | not yet calculated | CVE-2020-4609 XF CONFIRM
ibm -- security_sevret_server | IBM Security Secret Server (IBM Security Verify Privilege Manager 10.8.2) could allow a local user to execute code due to improper integrity checks. IBM X-Force ID: 184919. | 2021-06-25 | not yet calculated | CVE-2020-4610 XF CONFIRM
ibm -- security_verify | IBM Security Verify (IBM Security Verify Privilege Vault 10.9.66) is vulnerable to link injection. By persuading a victim to click on a specially-crafted URL link, a remote attacker could exploit this vulnerability to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. | 2021-06-25 | not yet calculated | CVE-2021-29676 XF CONFIRM
ibm -- security_verify | IBM Security Verify (IBM Security Verify Privilege Vault 10.9.66) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | 2021-06-25 | not yet calculated | CVE-2021-29677 CONFIRM XF
ibm -- security_verify | IBM Security Verify (IBM Security Verify Privilege Vault 10.9.66) could disclose sensitive information through an HTTP GET request by a privileged user due to improper input validation. IBM X-Force ID: 199396. | 2021-06-25 | not yet calculated | CVE-2021-20583 XF CONFIRM
ibos -- ibos | In IBOS 4.5.4 Open, Arbitrary File Inclusion causes getshell via /system/modules/dashboard/controllers/CronController.php. | 2021-06-24 | not yet calculated | CVE-2020-21786 MISC
ibos -- ibos | In IBOS 4.5.4 the email function has a cross site scripting (XSS) vulnerability in emailbody[content] parameter. | 2021-06-24 | not yet calculated | CVE-2020-21783 MISC
ibos -- ibos | In IBOS 4.5.4 Open, the database backup has Command Injection Vulnerability. | 2021-06-24 | not yet calculated | CVE-2020-21785 MISC
imagemagick -- imagemagick | ImageMagick 7.0.11-14 has a memory leak in AcquireSemaphoreMemory in semaphore.c and AcquireMagickMemory in memory.c. | 2021-06-25 | not yet calculated | CONFIRM
jfinal -- jfinal | In applications using jfinal 4.9.08 and below, there is a deserialization vulnerability when using redis; the application may be vulnerable to remote code execution. | 2021-06-24 | not yet calculated | CVE-2021-31649 MISC MISC
jfinal -- jfinal | An issue was discovered in JFinal framework v4.9.10 and below. The "set" method of the "Controller" class of jfinal framework is not strictly filtered, which will lead to XSS vulnerabilities in some cases. | 2021-06-24 | not yet calculated | CVE-2021-33348 MISC
johnson_controls -- exacqvision_enterprise_manager | exacqVision Enterprise Manager 20.12 does not sufficiently validate, filter, escape, and/or encode user-controllable input before it is placed in output that is used as a web page that is served to other users. | 2021-06-24 | not yet calculated | CVE-2021-27658 CERT CONFIRM
johnson_controls -- exacqvision_web_service | exacqVision Web Service 21.03 does not sufficiently validate, filter, escape, and/or encode user-controllable input before it is placed in output that is used as a web page that is served to other users. | 2021-06-24 | not yet calculated | CONFIRM
league -- flysystem | Flysystem is an open source file storage library for PHP. The whitespace normalisation used in 1.x and 2.x removes any unicode whitespace. Under certain specific conditions this could potentially allow a malicious user to execute code remotely. The conditions are: A user is allowed to supply the path or filename of an uploaded file, the supplied path or filename is not checked against unicode chars, the supplied pathname is checked against an extension deny-list, not an allow-list, the supplied path or filename contains a unicode whitespace char in the extension, the uploaded file is stored in a directory that allows PHP code to be executed. Given these conditions are met a user can upload and execute arbitrary code on the system under attack. The unicode whitespace removal has been replaced with a rejection (exception). For 1.x users, upgrade to 1.1.4. For 2.x users, upgrade to 2.1.1. | 2021-06-24 | not yet calculated | CVE-2021-32708 MISC MISC CONFIRM MISC
linux -- linux_kernel | In kernel/bpf/verifier.c in the Linux kernel before 5.12.13, a branch can be mispredicted (e.g., because of type confusion) and consequently an unprivileged BPF program can read arbitrary memory locations via a side-channel attack, aka CID-9183671af6db. | 2021-06-23 | not yet calculated | CONFIRM CONFIRM
linux -- linux_kernel | The vgacon subsystem in the Linux kernel before 5.8.10 mishandles software scrollback. There is a vgacon_scrolldelta out-of-bounds read, aka CID-973c096f6a85. | 2021-06-24 | not yet calculated | CVE-2020-28097 MISC MISC MISC MISC
mackron -- miniaudio | Miniaudio 0.10.35 has a Double free vulnerability that could cause a buffer overflow in ma_default_vfs_close__stdio in miniaudio.h. | 2021-06-25 | not yet calculated | CVE-2021-34184 CONFIRM
mackron -- miniaudio | Miniaudio 0.10.35 has an integer-based buffer overflow caused by an out-of-bounds left shift in drwav_bytes_to_u32 in miniaudio.h | 2021-06-25 | not yet calculated | CVE-2021-34185 CONFIRM
misp -- misp | app/View/Elements/genericElements/IndexTable/Fields/generic_field.ct in MISP 2.4.144 does not sanitize certain data related to generic template:index. | 2021-06-25 | not yet calculated |
mongo-express -- mongo-express | mongo-express is a web-based MongoDB admin interface, written with Node.js and express. 1: As mentioned in this issue: https://github.com/mongo-express/mongo-express/issues/577, when the content of a cell grows larger than supported size, clicking on a row will show full document unescaped, however this needs admin interaction on cell. 2: Data cells identified as media will be rendered as media, without being sanitized. Example of different renders: image, audio, video, etc. As an example of type 1 attack, an unauthorized user who only can send a large amount of data in a field of a document may use a payload with embedded javascript. This could send an export of a collection to the attacker without even an admin knowing. Other types of attacks such as dropping a database\collection are possible. | 2021-06-21 | not yet calculated | CONFIRM MISC
moodle -- moodle | A command execution vulnerability exists in the default legacy spellchecker plugin in Moodle 3.10. A specially crafted series of HTTP requests can lead to command execution. An attacker must have administrator privileges to exploit this vulnerability. | 2021-06-23 | not yet calculated | CVE-2021-21809 MISC
mozilla -- firefox | A compromised content process could have performed session history manipulations it should not have been able to due to testing infrastructure that was not restricted to testing-only configurations. This vulnerability affects Firefox < 88. | 2021-06-24 | not yet calculated | MISC
mozilla -- firefox | A race condition with requestPointerLock() and setTimeout() could have resulted in a user interacting with one tab when they believed they were on a separate tab. In conjunction with certain elements (such as <input type="file">) this could have led to an attack where a user was confused about the origin of the webpage and potentially disclosed information they did not intend to. This vulnerability affects Firefox < 88. | 2021-06-24 | not yet calculated | CVE-2021-24000 MISC MISC
mozilla -- firefox | By utilizing 3D CSS in conjunction with Javascript, content could have been rendered outside the webpage's viewport, resulting in a spoofing attack that could have been used for phishing or other attacks on a user. This vulnerability affects Firefox < 88. | 2021-06-24 | not yet calculated | CVE-2021-23996 MISC MISC
mozilla -- firefox | Address bar search suggestions in private browsing mode were re-using session data from normal mode. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 89. | 2021-06-24 | not yet calculated | CVE-2021-29963 MISC MISC
mozilla -- firefox | Due to unexpected data type conversions, a use-after-free could have occurred when interacting with the font cache. We presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox < 88. | 2021-06-24 | not yet calculated | CVE-2021-23997 MISC MISC
mozilla -- firefox | When styling and rendering an oversized *<select>* element, Firefox did not apply correct clipping which allowed an attacker to paint over the user interface. This vulnerability affects Firefox < | 2021-06-24 | not yet calculated | CVE-2021-29961 MISC MISC
mozilla -- firefox | Firefox used to cache the last filename used for printing a file. When generating a filename for printing, Firefox usually suggests the web page title. The caching and suggestion techniques combined may have led to the title of a website visited during private browsing mode being stored on disk. This vulnerability affects Firefox < 89. | 2021-06-24 | not yet calculated | CVE-2021-29960 MISC MISC
mozilla -- firefox | Lack of escaping allowed HTML injection when a webpage was viewed in Reader View. While a Content Security Policy prevents direct code execution, HTML injection is still possible. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 88. | 2021-06-24 | not yet calculated | CVE-2021-29944 MISC MISC
mozilla -- firefox | When a user has already allowed a website to access microphone and camera, disabling camera sharing would not fully prevent the website from re-enabling it without an additional prompt. This was only possible if the website kept recording with the microphone until re-enabling the camera. This vulnerability affects Firefox < 89. | 2021-06-24 | not yet calculated | CVE-2021-29959 MISC MISC
mozilla -- firefox | A transient execution vulnerability, named Floating Point Value Injection (FPVI) allowed an attacker to leak arbitrary memory addresses and may have also enabled JIT type confusion attacks. (A related vulnerability, Speculative Code Store Bypass (SCSB), did not affect Firefox.). This vulnerability affects Firefox ESR < 78.9 and Firefox < 87. | 2021-06-24 | not yet calculated | CVE-2021-29955 MISC MISC MISC
mozilla -- firefox | A malicious website that causes an HTTP Authentication dialog to be spawned could trick the built-in password manager to suggest passwords for the currently active website instead of the website that triggered the dialog. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 89. | 2021-06-24 | not yet calculated | CVE-2021-29965 MISC MISC
mozilla -- firefox_esr_thunderbird_and_firefox | If a Blob URL was loaded through some unusual user interaction, it could have been loaded by the System Principal and granted additional privileges that should not be granted to web content. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88. | 2021-06-24 | not yet calculated | CVE-2021-23999 MISC MISC MISC MISC
mozilla -- firefox_esr_thunderbird_and_firefox | A WebGL framebuffer was not initialized early enough, resulting in memory corruption and an out of bound write. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < | 2021-06-24 | not yet calculated | MISC MISC MISC
mozilla -- firefox_esr_thunderbird_and_firefox | When a user clicked on an FTP URL containing encoded newline characters (%0A and %0D), the newlines would have been interpreted as such and allowed arbitrary commands to be sent to the FTP server. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88. | 2021-06-24 | not yet calculated | CVE-2021-24002 MISC MISC MISC MISC
mozilla -- firefox_esr_thunderbird_and_firefox | When Responsive Design Mode was enabled, it used references to objects that were previously freed. We presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88. | 2021-06-24 | not yet calculated | CVE-2021-23995 MISC MISC MISC MISC
mozilla -- firefox_esr_thunderbird_and_firefox | Through complicated navigations with new windows, an HTTP page could have inherited a secure lock icon from an HTTPS page. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88. | 2021-06-24 | not yet calculated | CVE-2021-23998 MISC MISC MISC
mozilla -- firefox_esr_thunderbird_and_firefox | The WebAssembly JIT could miscalculate the size of a return type, which could lead to a null read and result in a crash. *Note: This issue only affected x86-32 platforms. Other platforms are unaffected.*. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88. | 2021-06-24 | not yet calculated | CVE-2021-29945 MISC MISC MISC MISC
mozilla -- firefox_for_android | A malicious webpage could have forced a Firefox for Android user into executing attacker-controlled JavaScript in the context of another domain, resulting in a Universal Cross-Site Scripting vulnerability. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected. Further details are being temporarily withheld to allow users an opportunity to update.*. This vulnerability affects Firefox < 88.0.1 and Firefox for Android < 88.1.3. | 2021-06-24 | not yet calculated | CVE-2021-29953 MISC MISC
mozilla -- hubs_cloud | Proxy functionality built into Hubs Cloud's Reticulum software allowed access to internal URLs, including the metadata service. This vulnerability affects Hubs Cloud < mozillareality/reticulum/1.0.1/20210428201255. | 2021-06-24 | not yet calculated | CVE-2021-29954 MISC MISC
mozilla -- thunderbird | An attacker may perform a DoS attack to prevent a user from sending encrypted email to a correspondent. If an attacker creates a crafted OpenPGP key with a subkey that has an invalid self signature, and the Thunderbird user imports the crafted key, then Thunderbird may try to use the invalid subkey, but the RNP library rejects it from being used, causing encryption to fail. This vulnerability affects Thunderbird < 78.9.1. | 2021-06-24 | not yet calculated | CVE-2021-23993 MISC MISC
mozilla -- thunderbird | Thunderbird did not check if the user ID associated with an OpenPGP key has a valid self signature. An attacker may create a crafted version of an OpenPGP key, by either replacing the original user ID, or by adding another user ID. If Thunderbird imports and accepts the crafted key, the Thunderbird user may falsely conclude that the false user ID belongs to the correspondent. This vulnerability affects Thunderbird < 78.9.1. | 2021-06-24 | not yet calculated | CVE-2021-23992 MISC MISC
mozilla -- thunderbird | Signatures are written to disk before and read during verification, which might be subject to a race condition when a malicious local process or user is replacing the file. This vulnerability affects Thunderbird < 78.10. | 2021-06-24 | not yet calculated | CVE-2021-29948 MISC MISC
mozilla -- thunderbird | OpenPGP secret keys that were imported using Thunderbird version 78.8.1 up to version 78.10.1 were stored unencrypted on the user's local disk. The master password protection was inactive for those keys. Version 78.10.2 will restore the protection mechanism for newly imported keys, and will automatically protect keys that had been imported using affected Thunderbird versions. This vulnerability affects Thunderbird < 78.10.2. | 2021-06-24 | not yet calculated | CVE-2021-29956 MISC
mozilla -- thunderbird | If a MIME encoded email contains an OpenPGP inline signed or encrypted message part, but also contains an additional unprotected part, Thunderbird did not indicate that only parts of the message are protected. This vulnerability affects Thunderbird < 78.10.2. | 2021-06-24 | not yet calculated | CVE-2021-29957 MISC
mozilla -- thunderbird | If a Thunderbird user has previously imported Alice's OpenPGP key, and Alice has extended the validity period of her key, but Alice's updated key has not yet been imported, an attacker may send an email containing a crafted version of Alice's key with an invalid subkey, Thunderbird might subsequently attempt to use the invalid subkey, and will fail to send encrypted email to Alice. This vulnerability affects Thunderbird < 78.9.1. | 2021-06-24 | not yet calculated | CVE-2021-23991 MISC
mozilla -- thunderbird | When loading the shared library that provides the OTR protocol implementation, Thunderbird will initially attempt to open it using a filename that isn't distributed by Thunderbird. If a computer has already been infected with a malicious library of the alternative filename, and the malicious library has been copied to a directory that is contained in the search path for executable libraries, then Thunderbird will load the incorrect library. This vulnerability affects Thunderbird < 78.9.1. | 2021-06-24 | not yet calculated | CVE-2021-29949 MISC MISC
mozilla -- thunderbird_firefox_and_firefox_esr | A locally-installed hostile program could send `WM_COPYDATA` messages that Firefox would process incorrectly, leading to an out-of-bounds read. *This bug only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 78.11, Firefox < 89, and Firefox ESR < 78.11. | 2021-06-24 | not yet calculated | CVE-2021-29964 MISC MISC MISC MISC
mozilla -- thunderbird_firefox_and_firefox_esr | The Mozilla Maintenance Service granted SERVICE_START access to BUILTIN|Users which, in a domain network, grants normal remote users access to start or stop the service. This could be used to prevent the browser update service from operating (if an attacker spammed the 'Stop' command); but also exposed attack surface in the maintenance service. *Note: This issue only affected Windows operating systems older than Win 10 build 1709. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 78.10.1, Firefox < 87, and Firefox ESR < 78.10.1. | 2021-06-24 | not yet calculated | MISC MISC MISC
msi_dragon_center -- msi_dragon_center | MODAPI.sys in MSI Dragon Center 2.0.104.0 allows low-privileged users to access kernel memory and potentially escalate privileges via a crafted IOCTL 0x9c406104 call. This IOCTL provides the MmMapIoSpace feature for mapping physical memory. | 2021-06-21 | not yet calculated |
myq_x_smart -- myq_server | MyQ Server in MyQ X Smart before 8.2 allows remote code execution by unprivileged users because administrative session data can be read in the %PROGRAMFILES%\MyQ\PHP\Sessions directory. The "Select server file" feature is only intended for administrators but actually does not require authorization. An attacker can inject arbitrary OS commands (such as commands to create new .php files) via the Task Scheduler component. | 2021-06-21 | not yet calculated | MISC
neos -- form | neos/forms is an open source framework to build web forms. By crafting a special `GET` request containing a valid form state, a form can be submitted without invoking any validators. Form state is secured with an HMAC that is still verified. That means that this issue can only be exploited if Form Finishers cause side effects even if no form values have been sent. Form Finishers can be adjusted in a way that they only execute an action if the submitted form contains some expected data. Alternatively a custom Finisher can be added as first finisher. This regression was introduced with https://github.com/neos/form/commit/049d415295be8d4a0478ccbap7dba1bb81649567 | 2021-06-21 | not yet calculated | MISC MISC CONFIRM MISC
nvidia -- geforce_experience | NVIDIA GeForce Experience, all versions prior to 3.23, contains a vulnerability where, if a user clicks on a maliciously formatted link that opens the GeForce Experience login page in a new browser tab instead of the GeForce Experience application and enters their login information, the malicious site can get access to the token of the user login session. Such an attack may lead to these targeted users' data being accessed, altered, or lost. | 2021-06-25 | not yet calculated | CONFIRM
nvidia -- nvidia_mb2 | Bootloader contains a vulnerability in NVIDIA MB2, which may cause free-the-wrong-heap, which may lead to limited denial of service. | 2021-06-22 | not yet calculated | CONFIRM
nvidia -- nvidia_mb2 | Bootloader contains a vulnerability in access permission settings where unauthorized software may be able to overwrite NVIDIA MB2 code, which would result in limited denial of service. | 2021-06-22 | not yet calculated |
nvidia -- trusty | Trusty (the trusted OS produced by NVIDIA for Jetson devices) driver contains a vulnerability in the NVIDIA OTE protocol message parsing code where an integer overflow in a malloc() size calculation leads to a buffer overflow on the heap, which might result in information disclosure, escalation of privileges, and denial of service. | 2021-06-22 | not yet calculated | CVE-2021-34372 CONFIRM
nvidia -- trusty | Trusty TLK contains a vulnerability in the NVIDIA TLK kernel function where a lack of checks allows the exploitation of an integer overflow on the size parameter of the tz_map_shared_mem function. | 2021-06-22 | not yet calculated | CVE-2021-34390 CONFIRM
nvidia -- trusty | Trusty TLK contains a vulnerability in the NVIDIA TLK kernel's tz_handle_trusted_app_smc function where a lack of integer overflow checks on the req_off and param_ofs variables leads to memory corruption of critical kernel structures. | 2021-06-22 | not yet calculated | CVE-2021-34391 CONFIRM
nvidia -- trusty | Trusty TLK contains a vulnerability in the NVIDIA TLK kernel where an integer overflow in the tz_map_shared_mem function can bypass boundary checks, which might lead to denial of service. | 2021-06-22 | not yet calculated | CVE-2021-34392 CONFIRM
nvidia -- trusty | Trusty contains a vulnerability in TSEC TA which deserializes the incoming messages even though the TSEC TA does not expose any command. This vulnerability might allow an attacker to exploit the deserializer to impact code execution, causing information disclosure. | 2021-06-22 | not yet calculated |
nvidia -- trusty | Trusty TLK contains a vulnerability in the NVIDIA TLK kernel where an integer overflow in the calloc size calculation can cause the multiplication of count and size to overflow, which might lead to heap overflows. | 2021-06-21 | not yet calculated | CVE-2021-34386 CONFIRM
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‘Trusty TLK contains a vulnerability in its access permission 
nvidia -- trusty settings where it does not properly restrict access to a resource 
from a user with local privileges, which might lead to limited 
information disclosure and limited denial of service. 


The ARM TrustZone Technology on which Trusty is based on 
contains a vulnerability in access permission settings where the 
nvidia -- trusty portion of the DRAM reserved for TrustZone is identity-mapped by 
'TLK with read, write, and execute permissions, which gives write 
access to kernel code and data that is otherwise mapped read 
only. 


‘Trusty contains a vulnerability in all TAs whose deserializer does 
nvidia -- trusty not reject messages with multiple occurrences of the same 
parameter. The deserialization of untrusted data might allow an 
attacker to exploit the deserializer to impact code execution. 


Trusty contains a vulnerability in NVIDIA OTE protocol message 
nvidia -- trusty parsing code, which is present in all the TAs. An incorrect bounds 
check leads to a memory leak of a portion of the heap situated 
after a stream buffer. 


In OpenEMR, versions 5.0.0 to 6.0.0.1 are vulnerable to weak 
password requirements as it does not enforce a maximum 
password length limit. If a malicious user is aware of the first 72 2021-06-24 
characters of the victim user’s password, he can leverage it to an 
account takeover. 


Vulnerability in OpenGrok (component: Web App). Versions that 
are affected are 1.6.7 and prior. Easily exploitable vulnerability 
allows low privileged attacker with network access via HTTPS to 
compromise OpenGrok. Successful attacks of this vulnerability 2021-06-23 
can result in takeover of OpenGrok. CVSS 3.1 Base Score 8.8 
(Confidentiality, Integrity and Availability impacts). CVSS Vector: 
(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). 


** UNSUPPORTED WHEN ASSIGNED ** Oracle GlassFish 
Server 3.1.2.18 and below allows 
/commoni/logViewer/logViewer.jsf XSS. A malicious user can 
cause an administrator user to supply dangerous content to the 
oracle -- glassfish_server vulnerable page, which is then reflected back to the user and 2021-06-25 not yet |CVE-2021-3314 
executed by the web browser. The most common mechanism for calculated |MISC 
delivering malicious content is to include it as a parameter in a 
URL that is posted publicly or e-mailed directly to victims. NOTE: 
This vulnerability only affects products that are no longer 
supported by the maintainer. 


2021-06-22
not yet calculated
CVE-2021-34395
CONFIRM

2021-06-21
not yet calculated
CVE-2021-34387
CONFIRM

2021-06-22
not yet calculated
CVE-2021-34394
CONFIRM

2021-06-21
not yet calculated
CVE-2021-34389
CONFIRM

openemr -- openemr
not yet calculated
CVE-2021-25923
MISC
MISC

opengrok -- opengrok
not yet calculated
CVE-2021-2322
MISC

ory -- oathkeeper
ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access
Control Decision API that authorizes HTTP requests based on
sets of Access Rules. When you make a request to an endpoint
that requires the scope `foo` using an access token granted with
that `foo` scope, introspection will be valid and that token will be
cached. The problem comes when a second request to an
endpoint that requires the scope `bar` is made before the cache
has expired. Whether the token is granted or not to the `bar`
scope, introspection will be valid. A patch will be released with
`v0.38.12-beta.1`. Per default, caching is disabled for the
`oauth2_introspection` authenticator. When caching is disabled,
this vulnerability does not exist. The cache is checked in [`func (a
*AuthenticatorOAuth2Introspection) Authenticate(...)`]
(https://github.com/ory/oathkeeper/blob/6a31df1c3779425e05db1c2a381166b087cb29a4/pipeline/authn/authenticator_
From [`tokenFromCache()`]
(https://github.com/ory/oathkeeper/blob/6a31df1c3779425e05db1c2a381166b087cb29a4/pipeline/authn/authenticator_
it seems that it only validates the token expiration date, but
ignores whether the token has or not the proper scopes. The
vulnerability was introduced in PR #424. During review, we failed
to require appropriate test coverage by the submitter which is the
primary reason that the vulnerability passed the review process.
2021-06-22
not yet calculated
CVE-2021-32701
CONFIRM


palo_alto_networks -- cortex_xsoar
An improper authorization vulnerability in Palo Alto Networks
Cortex XSOAR enables a remote unauthenticated attacker with
network access to the Cortex XSOAR server to perform
unauthorized actions through the REST API. This issue impacts:
Cortex XSOAR 6.1.0 builds later than 1016923 and earlier than
1271064; Cortex XSOAR 6.2.0 builds earlier than 1271065. This
issue does not impact Cortex XSOAR 5.5.0, Cortex XSOAR 6.0.0,
Cortex XSOAR 6.0.1, or Cortex XSOAR 6.0.2 versions. All Cortex
XSOAR instances hosted by Palo Alto Networks are upgraded to
resolve this vulnerability. No additional action is required for these
instances.
2021-06-22
not yet calculated
CVE-2021-3044
MISC

pam_setquota.c -- pam_setquota.c


pam_setquota.c in the pam_setquota module before 2020-05-29 
for Linux-PAM allows local attackers to set their quota on an 
arbitrary filesystem, in certain situations where the attacker's 
home directory is a FUSE filesystem mounted under /home. 


2021-06-22 


not yet 
calculated 


CVE-2020-36394 
MISC 








pandorafms -- pandorafms 


PandoraFMS <=7.54 allows Stored XSS by placing a payload in 
the name field of a visual console. When a user or an 
administrator visits the console, the XSS payload will be executed. 


2021-06-25 


not yet 
calculated 





CVE-2021-35501 
MISC 








pandorafms -- pandorafms 


PandoraFMS <=7.54 allows arbitrary file upload, leading to
remote command execution via the File Manager. To bypass the
built-in protection, a relative path is used in the requests.


2021-06-25 


not yet 
calculated 





CVE-2021-34074 
MISC 








phoenix_contact -- 
axl_f_bk_and_il__bk_products 


In certain devices of the Phoenix Contact AXL F BK and IL BK 
product families an undocumented password protected FTP 
access to the root directory exists. 


2021-06-25 


not yet 
calculated 





CVE-2021-33540 
CONFIRM 








phoenix_contact --
classic_automation_worx_software_suite


Phoenix Contact Classic Automation Worx Software Suite in
Version 1.87 and below is affected by a remote code execution
vulnerability. Manipulated PC Worx or Config+ projects could lead
to a remote code execution when unallocated memory is freed
because of incompletely initialized data. The attacker needs to get
access to an original bus configuration file (*.bcp) to be able to
manipulate data inside. After manipulation the attacker needs to
exchange the original file by the manipulated one on the
application programming workstation. Availability, integrity, or
confidentiality of an application programming workstation might be
compromised by attacks using these vulnerabilities. Automated
systems in operation which were programmed with one of the
above-mentioned products are not affected.


2021-06-25 


not yet 
calculated 


CVE-2021-33542 
CONFIRM 








phoenix_contact -- 
classic_line_controllers 


Phoenix Contact Classic Line Controllers ILC1x0 and ILC1x1 in all 
versions/variants are affected by a Denial-of-Service vulnerability. 
The communication protocols and device access do not feature 
authentication measures. Remote attackers can use specially 
crafted IP packets to cause a denial of service on the PLC's 
network communication module. A successful attack stops all 
network communication. To restore the network connectivity the 
device needs to be restarted. The automation task is not affected. 


2021-06-25 


not yet 
calculated 


CVE-2021-33541 
CONFIRM 








phoenix_contact -- 
fl_comserver_uni 


In Phoenix Contact FL COMSERVER UNI in versions < 2.40 an
invalid Modbus exception response can lead to a temporary denial
of service.


2021-06-25 


not yet 
calculated 


CVE-2021-21002 
CONFIRM 








phoenix_contact -- fl_switch_smcs 


In Phoenix Contact FL SWITCH SMCS series products in multiple 
versions fragmented TCP-Packets may cause a Denial of Service 
of Web-, SNMP- and ICMP-Echo services. The switching 
functionality of the device is not affected. 


2021-06-25 


not yet 
calculated 


CVE-2021-21003 
CONFIRM 








phoenix_contact -- fl_switch_smcs 


In Phoenix Contact FL SWITCH SMCS series products in multiple 
versions an attacker may insert malicious code via LLDP frames 
into the web-based management which could then be executed by 
the client. 


2021-06-25 


not yet 
calculated 


CVE-2021-21004 
CONFIRM 








phoenix_contact -- fl_switch_smcs 


In Phoenix Contact FL SWITCH SMCS series products in multiple 
versions if an attacker sends a hand-crafted TCP-Packet with the
Urgent-Flag set and the Urgent-Pointer set to 0, the network stack
will crash. The device needs to be rebooted afterwards.


2021-06-25 


not yet 
calculated 


CVE-2021-21005 
CONFIRM 








phpwcms -- phpwcms


phpwcms 1.9.13 is vulnerable to Code Injection via
/phpwcms/setup/setup.php.


2021-06-24 


not yet 
calculated 


CVE-2020-21784 
MISC 








pterodactyl -- wings 


Wings is the control plane software for the open source
Pterodactyl game management system. All versions of Pterodactyl
Wings prior to `1.4.4` are vulnerable to system resource
exhaustion due to improper container process limits being defined.
A malicious user can consume more resources than intended and
cause downstream impacts to other clients on the same hardware,
eventually causing the physical server to stop responding. Users
should upgrade to `1.4.4` to mitigate the issue. There is no
non-code based workaround for impacted versions of the software.
Users running customized versions of this software can manually
set a PID limit for containers created.


2021-06-22 


not yet 
calculated 


CVE-2021-32699 
MISC 
CONFIRM 








qnap -- qnap_nas
A command injection vulnerability has been reported to affect
QNAP NAS running legacy versions of QTS. If exploited, this
vulnerability allows attackers to execute arbitrary commands in a
compromised application. This issue affects: QNAP Systems Inc.
QTS versions prior to 4.3.6.1663 Build 20210504; versions prior to
4.3.3.1624 Build 20210416. This issue does not affect: QNAP
Systems Inc. QTS 4.5.3. QNAP Systems Inc. QuTS hero h4.5.3.
QNAP Systems Inc. QuTScloud c4.5.5.
2021-06-24
not yet calculated
CVE-2021-28800
MISC

6/28/2021 Vulnerability Summary for the Week of June 21, 2021

react-bootstrap-table -- react-bootstrap-table
All versions of package react-bootstrap-table are vulnerable to
Cross-site Scripting (XSS) via the dataFormat parameter. The
problem is triggered when an invalid React element is returned,
leading to dangerouslySetInnerHTML being used, which does not
sanitize the output.
2021-06-24
not yet calculated
CVE-2021-23398
CONFIRM
CONFIRM
CONFIRM
CONFIRM

report_portal -- report_portal
Report portal is an open source reporting and analysis framework.
Starting from version 3.1.0 of the service-api XML parsing was
introduced. Unfortunately the XML parser was not configured
properly to prevent XML external entity (XXE) attacks. This allows
a user to import a specifically-crafted XML file which imports
external Document Type Definition (DTD) file with external entities
for extraction of secrets from Report Portal service-api module or
server-side request forgery. This will be resolved in the 5.4.0
release.
2021-06-23
not yet calculated
CONFIRM
MISC

roundcube -- roundcube_mail
Cross Site Scripting (XSS) vulnerability in Roundcube mail .4.4
via database host and user in /installer/test.php.
2021-06-24
not yet calculated
CVE-2020-18670
MISC
MISC
MISC

roundcube -- roundcube_mail
Cross Site Scripting (XSS) vulnerability in Roundcube Mail
<=1.4.4 via smtp config in /installer/test.php.
2021-06-24
not yet calculated
CVE-2020-18671
MISC
MISC
MISC

ruby_on_rails -- ruby_on_rails
In the bindata RubyGem before version 2.4.10 there is a potential
denial-of-service vulnerability. In affected versions it is very slow
for certain classes in BinData to be created. For example
BinData::Bit100000, BinData::Bit100001, BinData::Bit100002,
BinData::Bit<N>. In combination with <user_input>.constantize
there is a potential for a CPU-based DoS. In version 2.4.10
bindata improved the creation time of Bits and Integers.
2021-06-24
not yet calculated
MISC
CONFIRM
MISC
MISC

sas -- environment_manager
SAS Environment Manager 2.5 allows XSS through the Name
field when creating/editing a server. The XSS will prompt when
editing the Configuration Properties.
2021-06-25
not yet calculated
CVE-2021-35475
MISC
MISC

shopware -- shopware
Shopware is an open source eCommerce platform. In versions
prior to 6.4.1.1 the admin api has exposed some internal hidden
fields when an association has been loaded with a to many
reference. Users are recommended to update to version 6.4.1.1. You
can get the update to 6.4.1.1 regularly via the Auto-Updater or
directly via the download overview. For older versions of 6.1, 6.2,
and 6.3, corresponding security measures are also available via a
plugin.
2021-06-24
not yet calculated
CVE-2021-32716
MISC
MISC
CONFIRM

shopware -- shopware
Shopware is an open source eCommerce platform. Versions prior
to 5.6.10 are vulnerable to system information leakage in error
handling. Users are recommended to update to version 5.6.10. You
can get the update to 5.6.10 regularly via the Auto-Updater or
directly via the download overview.
2021-06-24
not yet calculated
MISC
CONFIRM

shopware -- shopware
Shopware is an open source eCommerce platform. Versions prior
to 6.3.5.1 may leak of information via Store-API. The vulnerability
could only be fixed by changing the API system, which involves a
non-backward-compatible change. Only consumers of the
Store-API should be affected by this change. We recommend to update
to the current version 6.3.5.1. You can get the update to 6.3.5.1
regularly via the Auto-Updater or directly via the download
overview. https://www.shopware.com/en/download/#shopware-6
The vulnerability could only be fixed by changing the API system,
which involves a non-backward-compatible change. Only
consumers of the Store-API should be affected by this change.
Please check your plugins if you have it in use. Detailed technical
information can be found in the upgrade information.
https://github.com/shopware/platform/blob/v6.3.5.1/UPGRADE-6.3.md#6351
### Workarounds
For older versions of 6.1 and 6.2,
corresponding security measures are also available via a plugin.
For the full range of functions, we recommend updating to the
latest Shopware version.
https://store.shopware.com/en/detail/index/sArticle/518463/number/Swag136939242659
### For more information
https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-02-2021
2021-06-24
not yet calculated
CVE-2021-32711
MISC
MISC
CONFIRM

shopware -- shopware
Shopware is an open source eCommerce platform. Potential
session hijacking of store customers in versions below 6.3.5.2. We
recommend to update to the current version 6.3.5.2. You can get
the update to 6.3.5.2 regularly via the Auto-Updater or directly via
the download overview. For older versions of 6.1 and 6.2,
corresponding security measures are also available via a plugin.
For the full range of functions, we recommend updating to the
latest Shopware version.
2021-06-24
not yet calculated
CVE-2021-32710
CONFIRM
MISC

shopware -- shopware
Shopware is an open source eCommerce platform. Creation of
order credits was not validated by ACL in admin orders. Users are
recommended to update to the current version 6.4.1.1. You can get
the update to 6.4.1.1 regularly via the Auto-Updater or directly via
the download overview. For older versions of 6.1, 6.2, and 6.3,
corresponding security measures are also available via a plugin.
For the full range of functions, we recommend updating to the
latest Shopware version.
2021-06-24
not yet calculated
CVE-2021-32709
CONFIRM

shopware -- shopware
Shopware is an open source eCommerce platform. In versions
prior to 6.4.1.1 private files are publicly accessible with Cloud
Storage providers when the hashed URL is known. Users are
recommended to first change their configuration to set the correct
visibility according to the documentation. The visibility must be at
the same level as `type`. When the Storage is saved on Amazon AWS we
recommend disabling public access to the bucket containing
the private files:
https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html.
Otherwise, update to Shopware 6.4.1.1 or install or update the
Security plugin
(https://store.shopware.com/en/detail/index/sArticle/518463/number/Swag1369392/72659)
and run the command `./bin/console s3:set-visibility` to correct
your cloud file visibilities.
2021-06-24
not yet calculated
CVE-2021-32717
MISC
CONFIRM
MISC

shopware -- shopware
Shopware is an open source eCommerce platform. Versions prior
to 5.6.10 suffer from an authenticated stored XSS in
administration vulnerability. Users are recommended to update to the
version 5.6.10. You can get the update to 5.6.10 regularly via the
Auto-Updater or directly via the download overview.
2021-06-24
not yet calculated
MISC
MISC

sonicwall -- sonicos
A vulnerability in SonicOS where the HTTP server response leaks
partial memory by sending a crafted HTTP request, this can
potentially lead to an internal sensitive data disclosure
vulnerability.
2021-06-23
not yet calculated
CVE-2021-20019
CONFIRM

synology -- diskstation_manager
Use after free vulnerability in file transfer protocol component in
Synology DiskStation Manager (DSM) before 6.2.3-25426-3
allows remote attackers to execute arbitrary code via unspecified
vectors.
2021-06-23
not yet calculated
CVE-2021-27649
CONFIRM

synology -- synology_diskstation_manager
Improper limitation of a pathname to a restricted directory ('Path
Traversal') vulnerability in webapi component in Synology
DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote
attackers to write arbitrary files via unspecified vectors.
2021-06-23
not yet calculated
CVE-2021-29087
CONFIRM

synology -- synology_diskstation_manager
Exposure of sensitive information to an unauthorized actor
vulnerability in webapi component in Synology DiskStation
Manager (DSM) before 6.2.3-25426-3 allows remote attackers to
obtain sensitive information via unspecified vectors.
not yet calculated
CVE-2021-29086
CONFIRM

synology -- synology_diskstation_manager
Improper neutralization of special elements in output used by a
downstream component ('Injection') vulnerability in file sharing
management component in Synology DiskStation Manager (DSM)
before 6.2.3-25426-3 allows remote attackers to read arbitrary
files via unspecified vectors.
2021-06-23

synology -- synology_diskstation_manager
Improper neutralization of special elements in output used by a
downstream component ('Injection') vulnerability in Security
Advisor report management component in Synology DiskStation
Manager (DSM) before 6.2.3-25426-3 allows remote attackers to
read arbitrary files via unspecified vectors.
2021-06-23

tripplite -- tripplite_su2200rtxl2ua
A stored cross-site scripting (XSS) vulnerability was discovered in
/Forms/device_vars_1 on TrippLite SU2200RTXL2Ua with
firmware version 12.04.0055. This vulnerability allows
authenticated attackers to obtain other users' information via a
crafted POST request.
2021-06-25
not yet calculated
MISC
MISC

tsmuxer -- tsmuxer
Heap based buffer overflow in tsMuxer 2.6.16 allows attackers to
cause a Denial of Service (DoS) by running the application with a
crafted file.
2021-06-23
not yet calculated
CVE-2021-34067
MISC
CONFIRM

tsmuxer -- tsmuxer
Heap based buffer overflow in tsMuxer 2.6.16 allows attackers to
cause a Denial of Service (DoS) by running the application with a
crafted file.
2021-06-23
not yet calculated
CVE-2021-34068
CONFIRM
MISC

tsmuxer -- tsmuxer
Divide-by-zero bug in tsMuxer 2.6.16 allows attackers to cause a
Denial of Service (DoS) by running the application with a crafted
file.
2021-06-23
not yet calculated
CVE-2021-34069
MISC
CONFIRM

tsmuxer -- tsmuxer
Out-of-bounds Read in tsMuxer 2.6.16 allows attackers to cause a
Denial of Service (DoS) by running the application with a crafted
file.
2021-06-23
not yet calculated
CVE-2021-34070
CONFIRM
MISC

tsmuxer -- tsmuxer
Heap based buffer overflow in tsMuxer 2.6.16 allows attackers to
cause a Denial of Service (DoS) by running the application with a
crafted file.
2021-06-23
not yet calculated
CONFIRM

ubuntu -- gfs2
A flaw was discovered in gfs2 file system's handling of acls
(access control lists). An unprivileged local attacker could exploit
this flaw to gain access or execute any file stored in the gfs2 file
system.
2021-06-22
not yet calculated
CVE-2010-2525
MISC
MISC

vaadin -- flow
URL encoding error in development mode handler in
com.vaadin:flow-server versions 2.0.0 through 2.6.1 (Vaadin
14.0.0 through 14.6.1), 3.0.0 through 6.0.9 (Vaadin 15.0.0 through
19.0.8) allows local user to execute arbitrary JavaScript code by
opening crafted URL in browser.
2021-06-24
not yet calculated
CVE-2021-33604
CONFIRM
CONFIRM

vaadin -- flow
Improper sanitization of path in default RouteNotFoundError view
in com.vaadin:flow-server versions 1.0.0 through 1.0.14 (Vaadin
10.0.0 through 10.0.18), 1.1.0 prior to 2.0.0 (Vaadin 11 prior to 14),
2.0.0 through 2.6.1 (Vaadin 14.0.0 through 14.6.1), and 3.0.0
through 6.0.9 (Vaadin 15.0.0 through 19.0.8) allows network
attacker to enumerate all available routes via crafted HTTP
request when application is running in production mode and no
custom handler for NotFoundException is provided.
2021-06-24
not yet calculated
CVE-2021-31412
CONFIRM
CONFIRM

vmware -- carbon_black_app_control
VMware Carbon Black App Control 8.0, 8.1, 8.5 prior to 8.5.8, and
8.6 prior to 8.6.2 has an authentication bypass. A malicious actor
with network access to the VMware Carbon Black App Control
management server might be able to obtain administrative access
to the product without the need to authenticate.
2021-06-23
not yet calculated
MISC

vmware -- multiple_products
VMware Tools for Windows (11.x.y prior to 11.2.6), VMware
Remote Console for Windows (12.x prior to 12.0.1), VMware App
Volumes (2.x prior to 2.18.10 and 4 prior to 2103) contain a local
privilege escalation vulnerability. An attacker with normal access
to a virtual machine may exploit this issue by placing a malicious
file renamed as 'openssl.cnf' in an unrestricted directory which
would allow code to be executed with elevated privileges.
2021-06-23
not yet calculated
CVE-2021-21999
MISC
MISC

webport -- webport
Cross Site Scripting (XSS) vulnerability in WebPort <=1.19.1 via
the connection name parameter in type-conn.
2021-06-24
not yet calculated
MISC

webport -- webport
Directory Traversal vulnerability in WebPort <=1.19.1 in tags of
system settings.
2021-06-24
not yet calculated
MISC

webport -- webport
SQL Injection vulnerability in WebPort <=1.19.1 via the new
connection, parameter name in type-conn.
2021-06-24
not yet calculated
MISC

webport -- webport
Cross Site Scripting (XSS) vulnerability in WebPort <=1.19.1 via
the description parameter to script/listcalls.
2021-06-24
not yet calculated
MISC

weidmueller -- industrial_wlan_devices
In Weidmueller Industrial WLAN devices in multiple versions an
exploitable privilege escalation vulnerability exists in the
iw_console functionality. A specially crafted menu selection string
can cause an escape from the restricted console, resulting in
system access as the root user. An attacker can send commands
while authenticated as a low privilege user to trigger this
vulnerability.
2021-06-25

weidmueller -- industrial_wlan_devices
In Weidmueller Industrial WLAN devices in multiple versions an
exploitable command injection vulnerability exists in the iw_webs
functionality. A specially crafted diagnostic script file name can
cause user input to be reflected in a subsequent iw_system call,
resulting in remote control over the device. An attacker can send
commands while authenticated as a low privilege user to trigger
this vulnerability.
2021-06-25

weidmueller -- industrial_wlan_devices
In Weidmueller Industrial WLAN devices in multiple versions an
exploitable denial-of-service vulnerability exists in ServiceAgent
functionality. A specially crafted packet can cause an integer
underflow, triggering a large memcpy that will access unmapped
or out-of-bounds memory. An attacker can send this packet while
unauthenticated to trigger this vulnerability.
2021-06-25
not yet calculated
CVE-2021-33536
CONFIRM

weidmueller -- industrial_wlan_devices
In Weidmueller Industrial WLAN devices in multiple versions an
exploitable command injection vulnerability exists in the iw_webs
functionality. A specially crafted iw_serverip parameter can cause
user input to be reflected in a subsequent iw_system call, resulting
in remote control over the device. An attacker can send
commands while authenticated as a low privilege user to trigger
this vulnerability.
2021-06-25
not yet calculated
CONFIRM

weidmueller -- industrial_wlan_devices
In Weidmueller Industrial WLAN devices in multiple versions an
exploitable command injection vulnerability exists in the hostname
functionality. A specially crafted entry to network configuration
information can cause execution of arbitrary system commands,
resulting in full control of the device. An attacker can send various
authenticated requests to trigger this vulnerability.
not yet calculated
CVE-2021-33534
CONFIRM

weidmueller --
industrial_wlan_devices 


In Weidmueller Industrial WLAN devices in multiple versions an 
exploitable format string vulnerability exists in the iw_console 
conio_writestr functionality. A specially crafted time server entry 
can cause an overflow of the time server buffer, resulting in 
remote code execution. An attacker can send commands while 
authenticated as a low privilege user to trigger this vulnerability. 


2021-06-25 


not yet 
calculated 


CVE-2021-33535 
CONFIRM 








weidmueller -- 
industrial_wlan_devices 


In Weidmueller Industrial WLAN devices in multiple versions an 
exploitable command injection vulnerability exists in encrypted 
diagnostic script functionality of the devices. A specially crafted 
diagnostic script file can cause arbitrary busybox commands to be 
executed, resulting in remote control over the device. An attacker 
can send diagnostic while authenticated as a low privilege user to 
trigger this vulnerability. 


2021-06-25 


not yet 
calculated 


CVE-2021-33530 
CONFIRM 








weidmueller -- 
industrial_wlan_devices 


In Weidmueller Industrial WLAN devices in multiple versions an 
exploitable remote code execution vulnerability exists in the 
iw_webs configuration parsing functionality. A specially crafted 
user name entry can cause an overflow of an error message 
buffer, resulting in remote code execution. An attacker can send 
commands while authenticated as a low privilege user to trigger 
this vulnerability. 


2021-06-25 


not yet 
calculated 


CVE-2021-33537 
CONFIRM 








weidmueller -- 
industrial_wlan_devices 


In Weidmueller Industrial WLAN devices in multiple versions an 
exploitable improper access control vulnerability exists in the 
iw_webs account settings functionality. A specially crafted user 
name entry can cause the overwrite of an existing user account 
password, resulting in remote shell access to the device as that 
user. An attacker can send commands while authenticated as a 
low privilege user to trigger this vulnerability. 


2021-06-25 


not yet 
calculated 


CVE-2021-33538 
CONFIRM 








weidmueller -- 
industrial_wlan_devices 


In Weidmueller Industrial WLAN devices in multiple versions an 
exploitable authentication bypass vulnerability exists in the 
hostname processing. A specially configured device hostname 
can cause the device to interpret selected remote traffic as local 
traffic, resulting in a bypass of web authentication. An attacker can 
send authenticated SNMP requests to trigger this vulnerability. 


2021-06-25 


not yet 
calculated 


CVE-2021-33539 
CONFIRM 








weidmueller -- 
industrial_wlan_devices 


In Weidmueller Industrial WLAN devices in multiple versions the 
usage of hard-coded cryptographic keys within the service agent 
binary allows for the decryption of captured traffic across the 
network from or to the device. 


2021-06-25 


not yet 
calculated 


CVE-2021-33529 
CONFIRM 








weidmueller -- 
industrial_wlan_devices 


In Weidmueller Industrial WLAN devices in multiple versions an 
exploitable use of hard-coded credentials vulnerability exists in 
multiple iw_* utilities. The device operating system contains an 
undocumented encryption password, allowing for the creation of 
custom diagnostic scripts. An attacker can send diagnostic scripts 
while authenticated as a low privilege user to trigger this
vulnerability.


2021-06-25 


not yet 
calculated 


CVE-2021-33531 
CONFIRM 








weseek -- growi 


NoSQL injection vulnerability in GROWI versions prior to v4.2.20 
allows a remote attacker to obtain and/or alter the information 
stored in the database via unspecified vectors. 


2021-06-22 


not yet 
calculated 





CVE-2021-20736 
MISC 
MISC 








weseek -- growi 


Improper authentication vulnerability in GROWI versions prior to 
v4.2.20 allows a remote attacker to view the unauthorized pages 
without access privileges via unspecified vectors. 


2021-06-22 


not yet 
calculated 





CVE-2021-20737
MISC 
MISC 








wordpress -- wordpress 


The Comments Like Dislike WordPress plugin before 1.1.4 allows
users to like/dislike posted comments, however does not prevent 
them from replaying the AJAX request to add a like. This allows 
any user (even unauthenticated) to add unlimited like/dislike to 
any comment. The plugin appears to have some Restriction 
modes, such as Cookie Restriction, IP Restrictions, Logged In 
User Restriction, however, they do not prevent such attack as they 
only check client side 


2021-06-21 


not yet 
calculated 


CVE-2021-24379 
CONFIRM 








zoho -- 
manageengine_adselfservice_plus 


Zoho ManageEngine ADSelfService Plus through 6101 is 
vulnerable to unauthenticated Remote Code Execution while 
changing the password. 


2021-06-25 


not yet 
calculated 





CVE-2021-28958 
MISC 
MISC 








zte -- smart_stb_product
A smart STB product of ZTE is impacted by a permission and
access control vulnerability. Due to insufficient protection of
system application, attackers could use this vulnerability to tamper
with the system desktop and affect system customization
functions. This affects: ZXV10 B860H V5.0, V83011303.0010,
V83011303.0016
2021-06-24
not yet calculated
CVE-2021-21737
MISC